I'm conducting security analysis of Linux drivers using the TaintAnalysis functionality of CodeQL. However, CodeQL seems cannot be able to apply the predicate asDefiningArgument() to the kernel function kfree().

When I take a Quick Evaluation of the ql snippet below, I cannot get any results.
exists(FunctionCall call | arg.asDefiningArgument() = call.getArgument(0) and call.getTarget().getName() = "kfree")

Meanwhile, I I take a Quick Evaluation of the ql snippet below, lots of results displayed.
exists(FunctionCall call | arg.asExpr() = call.getArgument(0) and call.getTarget().getName() = "kfree")

Did I do something wrong?