wrong variable splitting at mlil level of dereference of structure pointer type structure member

[VisualEhrmanntraut]

Version and Platform (required):

• Binary Ninja Version: 5.2.8602-dev
• Edition: Non-Commercial (Personal)
• OS: macOS
• OS Version: 26.1
• CPU Architecture: M3

Bug Description:
the title

Steps To Reproduce:
Go to the binary and set the type of the 2nd parameter as it is in dispmprt.h (a DXGKARG_COLLECTDIAGNOSTICINFO*) with a slight modification; hAdapter changed to point to a structure (instead of HANDLE/void*) with two uint32_ts as the very first fields:

struct DISPATCHER
{
    uint32_t magic;
    uint32_t field_4;
};

typedef enum _DXGK_DIAGNOSTICINFO_TYPE
{
    DXGK_DI_ADDDEVICE = 0x0,
    DXGK_DI_STARTDEVICE = 0x1,
    DXGK_DI_BLACKSCREEN = 0x2
} DXGK_DIAGNOSTICINFO_TYPE;

typedef struct
    _DXGKARG_COLLECTDIAGNOSTICINFO
{
    struct DISPATCHER* hAdapter;
    DXGK_DIAGNOSTICINFO_TYPE Type;
    CHAR BucketingString[0x40];
    CHAR DescriptionString[0x80];
    union
    {
        PVOID pReserved;
    };
    UINT BufferSizeIn;
    UINT BufferSizeOut;
    PVOID pBuffer;
} DXGKARG_COLLECTDIAGNOSTICINFO;

You will observe the problem at 140029b37.

Expected Behavior:

Screenshots/Video Recording:

(Output with DISPATCHER*)

Binary:
it's https://binaryninja.slack.com/files/U082N6K4PHB/F09QLTVJE4V/amdkmdag.sys

Additional Information:
It only breaks when the hAdapter field is a structure pointer (DISPATCHER*) and not void* (aka HANDLE).

[psifertex]

File in question is in the portal as: scalar point shifts precisely (slack file attachment links don't work super well)

[plafosse]

This was fixed in a somewhat recent dev build.