ELF@@! @qT!@!?_֠_?#{S[@T  ?T6s@ Tt @a R@9?k@T9SA[B{è#_R?#{S@@;hG T`c" @A`џ T"@_ATSA{¨#_Rr@s@sB!R SA{¨#_`?#{S[k@@t@Tc  z @@?` @b@A"wb@aTcC3 @|SA[BkD{Ũ#_?#{S @q T"@_ T_TA8C,@6@~T!HR @5[c @~ TkB@@T @!@AT@ C @@? @ @* 7[B*SAcCkD{Ũ#_ֳ*SA{Ũ#_A8C,@#6@~hT!HR @S5[c @   ?*6V6B@T!!@T @aT[B*SAcC{Ũ#_B@"6B@b6x[BcCkDRr@k ҡb  9@6@ @@? @kDbq`|_a|Ȣ53z @97"R"9!|[BcCxs?#{R{#_?#{R{#_vfio_file_enforced_coherent&kv->lockvfio_file_set_kvmvfio_file_is_validstruct file::f_count incremented from zero; use-after-free condition present! kvm-vfio% include/linux/fs.h$B,AbCintuu,*)s32V)u32i)s64)u647u 8H#=*= h uDtEF89fd uGo7uh     rm*u:00 H*ur`    ;uv    :0  *u &*u      ,-.LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~;u9kvm <? %% <8 o %!%"m%#10!d 1 &!N  =6 u1 &"] I+'V& Ph'\G hP'cc Ph1#u '#3 &   &! &! =3 u'b   J Kb(l b devl/ l8(tmpn (kvo t t x x !}  ? hLL = 2devL i3kvN f3kvfO= c3tmpO= d4^ !Qc4 !Qd4 !Qd"W #$U M8 b, 2dev8 P>9 QN, b|2dev, d>- Q 221 ?2%LY,%-&-"kd|!.!$ P"/ ?3K )1 F:R^!.&!.&! v !!?9:GT-U\] c"! f g  c! !! B !$! &Q34  K!!dPi,v-w~"k|!.!$ P"/ ?3K )1 LF:R^!.&n!.&! v !!?  -  cB _S jg uQ e c55C0T` kf$ Q Q$#' #  + k}"X Rj      9 )  )!X:!5F!N!_!k!x!4 XO E Y Pf X w P  ,x, ,QE9] bdev1 ;arg(fd \ b .(__p \ .  b b b b + b .(__p \ .  }b b b b +\  bBdev1 fdCukv kvf= f retb 3    bdev1 fdCukv kvf=  retb66      x Cdevx: kvz {1kvf|= 4 ~ ~ C 1xC1 fnE retF1O1 x 3 13: fn5 ret61& &0 kvm&B fn( P  /N kvmN8 /J9kvmJ: /<Rkvm<D /8kkvm8B   f 2    1 ! 1  1 1  b ptrB @w1@r1 bkptr2E ! " &b&0&D / %%%;P%Gh. DPPh u%uD : ;9 I.: ;9 'I : ;9 I<1X Y W  U 1.: ; 9 '  1U.?: ; 9!'<1X Y W &I1RUX Y W! 11RUX YW 1RUX Y W !4: ;9 I"1RUX YW #1X YW $ 1% :!; 9 I8 &.?: ; 9 '<'.?: ;9 'I<(4:!;9 I):!; 9!I*>! !I: ;9!+.?: ;9 '<, 1U- 1. :!;9!/.:!;9!' !0!I/ 1.?: ;9!'<2:!;9!1I34:!;9 I4 5 16 : ; 9!7>! !I: ; 9!85I9<:I;>! !I: ; 9!< :!; 9!=.?:! ; 9 'I<>:!;9!!I?1X!YW!@.:!; 9!'I !A1B% C$ > D<E F&G4: ; 9 I?H4: ;9 I?<IJ.?: ;9 '@|K.?: ;9 'I@|L.: ;9 '@|M.: ;9 'I@zN.: ;9 'I@|O'IP'Q.: ; 9 ' R.: ; 9 'S.: ; 9 'IT.1@|U.1@|V 1U,,,,DH\lllpt                                      ( > &Q ! ~  zX& X00> / 2$ %=" tnX.yJ'  f  / < t  v<~~ }t#} }  X " xJS.u!  c.Q~d"" ! ~  p  ~ .'. < ! ~ )' 1L / -!1ri # ] !"!~   "~ j ~ ~ /#>.//00 ~. s!dX~d"" ! ~  p  ~ .'.  ~.! /$Y#>""%> < /= e< /   . }<   / d.   /  1f~~ |t3  g|j~A <    y!~._  ! !  ~ ~ /#>. Jf  .<   .       z  ~<<. / ! /?/!!__after_CNTVOFF_EL2__after_CONTEXTIDR_EL1DBGVCR32_EL2KVM_DEV_TYPE_XICSfgetCNTP_CVAL_EL0callerTPIDRRO_EL0__kernel_ulong_t__to_fd__before_AFSR0_EL1CNTKCTL_EL1get_file__before_TTBR0_EL1__before_CNTP_CVAL_EL0__before_HDFGRTR_EL2__gu_failedkvm_device_opsfgt_group_idPMCNTENSET_EL0kvm_vfio_releasekvm_vfio_file_delkasan_check_writePMEVTYPER0_EL0CNTV_CVAL_EL0APIAKEYHI_EL1KVM_DEV_TYPE_VFIOPERF_COUNT_SW_TASK_CLOCKflagsshift__before_VPIDR_EL2PERF_COUNT_SW_PAGE_FAULTS_MAJuaccess_ttbr0_enableKVM_DEV_TYPE_MAX__after_VTCR_EL2INIT_LIST_HEAD__after_HSTR_EL2unsigned int__before_SP_EL1SP_EL1SP_EL2HACR_EL2KMALLOC_RANDOM_END__uaccess_mask_ptr__dummyheadkvm_devicekmalloc_type__lse_atomic64_fetch_add_relaxed___GFP_ZEROTAGS_BITraw_atomic64_fetch_inc_relaxed__rgu_val___GFP_RECLAIMABLE_BIT__already_donePAR_EL1MDCCINT_EL1const_test_bit___GFP_UNUSED_BITkvm_vfio_has_attrlimit__rgu_failedkvm_vfio_update_coherencyOSLSR_EL1PERF_COUNT_SW_DUMMY__compiletime_assert_106__compiletime_assert_107prevSPSR_EL1SPSR_EL2__list_del__before_SCTLR_EL1kmalloc_noprofAFSR1_EL1AFSR1_EL2__ret_oncekmalloc_cache_typealternative_has_cap_likelyHCRX_EL2__NO_FGT_GROUP__kvm_vfio_ops_exit__addrKVM_DEV_TYPE_FLIC__before_CPACR_EL1list__before_CNTV_CVAL_EL0___GFP_NORETRY_BITlist_add_tail__NR_FGT_GROUP_IDS____before_CONTEXTIDR_EL1KMALLOC_DMA__after_MAIR_EL1APDBKEYHI_EL1CNTHCTL_EL2vcpu_sysregIFSR32_EL2__int128 unsigned__before_AMAIR_EL1mutex___GFP_MOVABLE_BIT___GFP_THISNODE_BITPMEVCNTR30_EL0PMCR_EL0__mutex_initAPDAKEYLO_EL1out_fputindex__before_TCR_EL1kvm_arch_register_noncoherent_dma__after_VBAR_EL1HDFGRTR_GROUPresultKVM_DEV_TYPE_XIVElong long unsigned intPERF_COUNT_SW_PAGE_FAULTS_MINfilekernel_load_data_strfilpHFGWTR_EL2__after_AFSR1_EL1__symbol_getattr__before_FAR_EL1thread_infotest_ti_thread_flagkmalloc_caches__after_TTBR1_EL1VPIDR_EL2TTBR1_EL2PERF_COUNT_SW_MAX___GFP_HIGH_BITAPIBKEYHI_EL1lock_class_key__before_HSTR_EL2CNTV_CTL_EL0valueMDSCR_EL1__after_HDFGRTR_EL2CSSELR_EL1__compiletime_assert_146__kmalloc_cache_noproffdputcpucap_is_possibleGCR_EL1kvm_device_attrRVBAR_EL2KVM_NR_BUSES__after_SP_EL1kvm_vfio_file_enforced_coherentcurrent_stack_pointer_res_BoolTFSRE0_EL1__before_VBAR_EL1file_listCNTHP_CVAL_EL2__before_HAFGRTR_EL2___GFP_NOMEMALLOC_BIT__ret_condKVM_MMIO_BUS__after_TPIDR_EL2KVM_DEV_TYPE_ARM_PV_TIMEPERF_COUNT_SW_ALIGNMENT_FAULTSargp__after_VPIDR_EL2true__compiletime_assert_642__compiletime_assert_643CNTHP_CTL_EL2__access_okCNTVOFF_EL2___GFP_DIRECT_RECLAIM_BIT__compiletime_assert_376HAFGRTR_GROUPkvm_bus__after_MDSCR_EL1__compiletime_assert_144__compiletime_assert_145HDFGWTR_EL2__before_MAIR_EL1perf_sw_idsAPIAKEYLO_EL1charmight_faultflag___GFP_NO_OBJ_EXT_BITnoncoherentkcsan_check_access__before_TCR2_EL1generic_test_bit___GFP_LAST_BIT__rgu_ptruaccess_ttbr0_disableHFGRTR_EL2__before_VTTBR_EL2arch_atomic64_fetch_add_relaxedget_currentAPDBKEYLO_EL1kfree___GFP_ACCOUNT_BITTTBR1_EL1HSTR_EL2__after_CNTV_CTL_EL0___GFP_DMA_BITraw_atomic64_fetch_add_relaxedHFGxTR_GROUPHFGITR_GROUPMAIR_EL1MAIR_EL2PMOVSSET_EL0kmem_cacheACTLR_EL2FAR_EL1FAR_EL2task_struct__INVALID_SYSREG____before_HCR_EL2long long intlist_is_headPIRE0_EL1kvm_vfiolockraw_atomic_long_fetch_inc_relaxed__after_FAR_EL1AFSR0_EL1AFSR0_EL2kvm_vfio_fileVBAR_EL1VBAR_EL2access_ok___GFP_FS_BITboolNR_SYS_REGSmutex_lockAPDAKEYHI_EL1__kmalloc_large_noprof__after_HFGWTR_EL2__after_HDFGWTR_EL2kvm_vfio_create__after_CNTP_CVAL_EL0___GFP_ZERO_BITHFGITR_EL2MDCR_EL2TCR_EL1TCR_EL2__ret_warn_onCNTHV_CTL_EL2PERF_COUNT_SW_CGROUP_SWITCHESsize__before_ESR_EL1kzalloc_noprofkernel_read_file_str__before_VTCR_EL2ACTLR_EL1CNTP_CTL_EL0kvm_vfio_opsFPEXC32_EL2__before_HFGITR_EL2__after_ACTLR_EL1mask_oldPERF_COUNT_SW_PAGE_FAULTSuintptr_t__after_PIRE0_EL1kvm_vfio_ops_initsafe_ptr__symbol_put__after_TFSR_EL1__after_AFSR0_EL1__before_ZCR_EL1mutex_unlockKVM_DEV_TYPE_RISCV_AIAELR_EL1__after_TTBR0_EL1__after_VMPIDR_EL2short unsigned intTTBR0_EL1TTBR0_EL2VTTBR_EL2NR_KMALLOC_TYPES__after_CNTP_CTL_EL0__before_CNTVOFF_EL2APIBKEYLO_EL1size_tPMSELR_EL0cpucap__u32___GFP_IO_BIT__u64TPIDR_EL0list_del__s32__gma_errKMALLOC_NORMAL__before_AFSR1_EL1gfp_tshort int__warn_printk__fdget__ll_sc_atomic64_fetch_add_relaxedkvm_arch_start_assignment__before_TTBR1_EL1long intHDFGRTR_EL2__list_del_entrykvm_arch_end_assignmentfdgetAPGAKEYLO_EL1RGSR_EL1__VNCR_START__AMAIR_EL1AMAIR_EL2__before_PIR_EL1TPIDR_EL1TPIDR_EL2__after_VTTBR_EL2__before_MDSCR_EL1kvm_arch_unregister_noncoherent_dmaCLIDR_EL1__before_TFSR_EL1__after_HFGRTR_EL2nodeKVM_DEV_TYPE_ARM_VGIC_ITS__kernel_size_tCONTEXTIDR_EL1CONTEXTIDR_EL2___GFP_COMP_BITpriorsp_el0___GFP_DMA32_BITentryPERF_COUNT_SW_CPU_MIGRATIONSVTCR_EL2signed char__after_SCTLR_EL1__after_HFGITR_EL2SCTLR_EL1SCTLR_EL2__kmalloc_noprof__list_del_entry_validHPFAR_EL2KVM_DEV_TYPE_ARM_VGIC_V2KVM_DEV_TYPE_ARM_VGIC_V3KVM_VIRTIO_CCW_NOTIFY_BUS__gu_val__after_SPSR_EL1kvm_register_device_ops__after_HAFGRTR_EL2__after_CPACR_EL1PERF_COUNT_SW_CONTEXT_SWITCHESCPACR_EL1__after_TCR_EL1DISR_EL1kvm_vfio_file_add__before_ELR_EL1__after_TCR2_EL1long unsigned int__u8___GFP_RETRY_MAYFAIL_BITatomic64_talloc_tag__after_AMAIR_EL1KVM_PIO_BUS__before_HFGWTR_EL2__after_ESR_EL1__ret_do_once___GFP_NOWARN_BIT__after_HCR_EL2GNU C11 13.2.0 -mlittle-endian -mgeneral-regs-only -mabi=lp64 -mbranch-protection=pac-ret -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=1288 -g -O2 -std=gnu11 -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-delete-null-pointer-checks -fno-allow-store-data-races -fstack-protector-strong -fno-omit-frame-pointer -fno-optimize-sibling-calls -ftrivial-auto-var-init=zero -fno-stack-clash-protection -falign-functions=4 -fstrict-flex-arrays=3 -fno-strict-overflow -fstack-check=no -fconserve-stack -fno-var-tracking -femit-struct-debug-baseonly -fstack-protector-strong___GFP_MEMALLOC_BITTCR2_EL1__dummy2CNTHV_CVAL_EL2__int128PMEVTYPER30_EL0__before_CNTV_CTL_EL0sign_extend64__after_ELR_EL1typePMCCFILTR_EL0unsigned char__list_add_validKMALLOC_CGROUP__key__before_TPIDR_EL2DACR32_EL2size_is_constantfalse__before_HDFGWTR_EL2__after_ZCR_EL1___GFP_WRITE_BIT__s64atomic_long_fetch_inc_relaxedAPGAKEYHI_EL1__kmalloc_indexaddrPERF_COUNT_SW_EMULATION_FAULTSlist_headKVM_DEV_TYPE_FSL_MPIC_20kvm_vfio_file_is_validESR_EL1ESR_EL2PMCCNTR_EL0TFSR_EL1HCR_EL2l_noELR_EL2__list_addZCR_EL1__before_VMPIDR_EL2CPTR_EL2__after_HCRX_EL2out_unlockkvm_unregister_device_ops___GFP_KSWAPD_RECLAIM_BITHAFGRTR_EL2__before_PIRE0_EL1__after_CNTV_CVAL_EL0PIR_EL1___GFP_NOFAIL_BITKVM_FAST_MMIO_BUS__mptrkvm_vfio_set_filePMUSERENR_EL0fputKMALLOC_RECLAIMKVM_DEV_TYPE_FSL_MPIC_42VMPIDR_EL2HDFGWTR_GROUPMPIDR_EL1___GFP_HARDWALL_BITZCR_EL2kvm_vfio_set_attr___GFP_HIGHMEM_BIT__after_PIR_EL1KMALLOC_RANDOM_STARTPERF_COUNT_SW_BPF_OUTPUTkvm_vfio_file_set_kvmPMINTENSET_EL1nextint32_tPMEVCNTR0_EL0atomic_long_t__gu_err__before_SPSR_EL1__before_HFGRTR_EL2__before_ACTLR_EL1PERF_COUNT_SW_CPU_CLOCKinstrument_atomic_read_writekvm_device_type__before_CNTP_CTL_EL0__compiletime_assert_143__before_HCRX_EL2arch/arm64/kvm/../../../virt/kvm/vfio.c/kernel/work/linux-6.11/kernel/work/linux-6.11arch/arm64/kvm/../../../virt/kvm./include/linux./arch/arm64/include/asm./include/asm-generic./include/asm-generic/bitops./include/linux/atomic./include/uapi/asm-generic./include/uapi/linuxvfio.cvfio.ckvm_host.hslab.hlist.huaccess.hcurrent.hbitops.haccess_ok.hfile.hthread_info.hgeneric-non-atomic.hfs.hatomic-instrumented.hatomic-long.hatomic-arch-fallback.hatomic.halternative-macros.hcpucaps.hatomic_lse.hatomic_ll_sc.hint-ll64.hint-ll64.hposix_types.htypes.hstddef.hgfp_types.hstack_pointer.hkvm.hperf_event.hkernel_read_file.hsecurity.hkvm_host.hmutex.hbug.hmodule.hinstrumented.hkcsan-checks.hkasan-checks.hkernel.hGCC: (Ubuntu 13.2.0-23ubuntu4) 13.2.0GNU x ,4A-A0C] A-A <A-A BT A-A T A-A DA-AP DG]KA-|A-AP BXAGhCAAA-AP -D A-A NAfCAA-AP -FCAAAIZ A SBA BA $(A-AFA-$ A-ADA- , ,AQbh|    tP !3A(Sk  }vfio.c$xkvm_vfio_has_attr$dkvm_vfio_update_coherency.isra.0kvm_vfio_createkvm_vfio_releasekvm_vfio_set_attrkvm_vfio_ops__key.0__already_done.1.L144721__symbol_put__symbol_getkmalloc_caches__kmalloc_cache_noprof__mutex_initfputkfree__fdgetmutex_lockmutex_unlockfgetalt_cb_patch_nops__warn_printkkvm_vfio_ops_initkvm_register_device_opskvm_vfio_ops_exitkvm_unregister_device_opsPTh&',(<(@)X\ `d h*00'&+ ,D,L,-.80@0P'l&t+|,/ 0HH$'D&T./++(x(x)$0(0H'd&``246 (h8  1$ (*1@6DKRWjxFu 9 ~p  &v-2 @EMQ]QivgA #} l" df & ,2A8>6 DJP V\ bU i ns pz\`G atl$8*06<BHNv TZa pv|3[ i L Y U 3'7 =CjIOUd[ agImQsyY%\=x I y%  } l!'+-{3 94?vEqKQ3W]EciGoI u[{ o j j  [g/qLzI ZT#))/k5 ;pABG=MS2 YU_ekqHw}? Q 0 /  f la uH3k  Sc%+~17 =tC1IOU[ abgms y:x 5 =!7 d + W  4! '-)3^9?EK?Q W ]! ci5omu {k OX c W (   S ' 3 @  K  W  c  p ~    &     < ' <H  d v  W   J     i 3  R { 0 0 .    ' : O 0_ t 0 $ 0  _  o   z  C ~O s +  h +  ^  ,?Gb"Di #De$$( 0"8*@PX%k0}0@&P<PQs3U][p[Xu6]   ! ); CZ by x   xWe}$08$73+M juxe   u';e HV^p 8'050C300.  (060DU'!Q:FSSlX:L eM { o * GS_ls }B< ,(:< EWd]r $ L#% -OF RL_ hy L&}  M #4@<LY{| -   5 g .  ]  )!D !*!;!G!BO!Yq!z!! !!!!S! ""$"J>"O"," "\""""",##A#3V#,^#>q#>#,#,#,#, $,4$L<$IR$Lg$P}$T"@&X*y.26:>BLQ#V*[5`<eCjMoWt`yl~s %0>FO[kq~ #,#0,d#h##h## .symtab.strtab.shstrtab.rela.text.rela.data.bss.rodata.str1.8.rela__ex_table.rela.altinstructions.rela__bug_table.rodata.str.data.once.rela.debug_info.debug_abbrev.rela.debug_aranges.debug_rnglists.rela.debug_line.debug_str.debug_line_str.comment.note.GNU-stack.note.gnu.property.rela.debug_frame @,@HgX+pP&@lx162J|E@m`Z U@xm0 p k@m0 |2$@m=E,`10@013 @0>=0M[0A^' h^h^ 3^.@hP`(& e@