When calculating whether a value can safely overflow for use by an icmp, we weren't checking that the value couldn't wrap around. To do this we need the icmp to be using a constant, as well as the incoming add or sub.
bugzilla report: https://bugs.llvm.org/show_bug.cgi?id=39060
can you specify what exactly the "overflowing value" in the pattern is?