Extracting prog: 39.302907437s
Minimizing prog: 29m20.153873702s
Simplifying prog options: 0s
Extracting C: 42.885022611s
Simplifying C: 12m39.257369897s


extracting reproducer from 66 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$int_in-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ-ioctl$KVM_SET_MSRS-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0x8)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000680)={0x7, 0x0, [{0x8ca, 0x0, 0x5}, {0x819, 0x0, 0x6}, {0x9e3, 0x0, 0x8000000000000000}, {0xb4b, 0x0, 0x5}, {0x391, 0x0, 0xffffffffffffffe7}, {0x94a, 0x0, 0x8}, {0xb3b, 0x0, 0x7}]})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x10, 0x0, &(0x7f0000000600)=[@request_death], 0x0, 0x0, 0x0})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
single: successfully extracted reproducer
found reproducer with 21 syscalls
minimizing guilty program
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$int_in-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0x8)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000680)={0x7, 0x0, [{0x8ca, 0x0, 0x5}, {0x819, 0x0, 0x6}, {0x9e3, 0x0, 0x8000000000000000}, {0xb4b, 0x0, 0x5}, {0x391, 0x0, 0xffffffffffffffe7}, {0x94a, 0x0, 0x8}, {0xb3b, 0x0, 0x7}]})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$int_in-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0x8)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$int_in-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0x8)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$int_in-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880)=<r6=>0xffffffffffffffff, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$int_in(r6, 0x5452, &(0x7f0000000000)=0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-syz_clone3-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000b40)={0x2000000, &(0x7f0000000880), 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-ioctl$BLKPG-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000003c0)={0x3, 0x0, 0x98, &(0x7f0000000300)={0x10001, 0x8, 0xe}})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$rnullb-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-ioctl$TCGETS-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f0000000d00))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-ioctl$KVM_TPR_ACCESS_REPORTING-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000100)={0x5, 0x23000000})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-ioctl$KVM_CREATE_VCPU-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-sendmsg$AUDIT_USER-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r2, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xac, 0x3ed, 0x200, 0x70bd2d, 0x25dfdbfc, "5bb86849d53d340095a5057321eea24c890b975af1f77abe77b1606327809e7af1c8ca068f6f6ec45953627a72e12115d1429aebae8a333a45c01cc81f52c7c4509fff00ba6694da87ef4827e6eb30a036fe87c6bf433f240b1492c8d104e9f7508669131a69a6c8f9474103124b47ba97439a02f5c9b27742095ceea6d69c694fbb4ae25b5c814de6b93266aae83778d838ac1e2a8d04d41885cf", ["", "", "", "", ""]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0xd79a6a203da2b172)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_audit-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-ioctl$KVM_CREATE_VM-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$kvm-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-openat$binderfs-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_GET_DIRTY_LOG-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_USER_MEMORY_REGION-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000540), 0x73, 0x0, &(0x7f0000000580)="81210de119ce19ca8aa118216a64c172bc60cafb12c14bf0bf22c39f502f2904f929d2697f2b157007990b382fc728af7ef34ac7e5531c7f9716e0a0b2fff7a125128e3605112ee4067114b7e58e0f3062d3bd97b3309824c1baf0d37632c0ad74dc584ac0bdf10bd022a29a5f7e70d5aff9db"})

program did not crash
testing program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x24, 0x0, &(0x7f0000000540)=[@release={0x40046306, 0x3}, @increfs_done, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})

program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
extracting C reproducer
testing compiled C program (duration=31.865534143s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
simplifying C reproducer
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program did not crash
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program did not crash
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
testing compiled C program (duration=31.865534143s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-mmap$binder-openat$binderfs-ioctl$BINDER_WRITE_READ-ioctl$BINDER_WRITE_READ
program crashed: attempt to subtract with overflow in <rust_binder::process::Process>::update_ref
reproducing took 43m21.599210626s
repro crashed as (corrupted=false):
rust_binder: inc_ref_done called when no active inc_refs
rust_kernel: panicked at drivers/android/binder/node.rs:877:13:
attempt to subtract with overflow
------------[ cut here ]------------
kernel BUG at rust/helpers/bug.c:7!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 291 Comm: syz-executor162 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3f 0f 8b e2 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 75 cb c2 6e 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900011cda90 EFLAGS: 00010246
RAX: 0000000000000061 RBX: 1ffff92000239b54 RCX: f0ce3b6a9d74ef00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900011cda90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000239ab8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900011cdac0 R15: ffffc900011cdaf0
FS:  000055557ffdb380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee889efd10 CR3: 000000012de5e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __rustc::rust_begin_unwind+0x15b/0x160 rust/kernel/lib.rs:128
 core::panicking::panic_fmt+0x84/0x90 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:75
 core::panicking::panic_const::panic_const_sub_overflow+0xb2/0xc0 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:178
 <rust_binder::node::NodeRef>::update drivers/android/binder/node.rs:877 [inline]
 <rust_binder::process::Process>::update_ref+0x17e5/0x1860 drivers/android/binder/process.rs:913
 <rust_binder::thread::Thread>::write drivers/android/binder/thread.rs:1470 [inline]
 <rust_binder::thread::Thread>::write_read+0x278d/0x9d20 drivers/android/binder/thread.rs:1581
 <rust_binder::process::Process>::ioctl_write_read drivers/android/binder/process.rs:1535 [inline]
 <rust_binder::process::Process>::ioctl+0x411/0x2c20 drivers/android/binder/process.rs:1596
 rust_binder::rust_binder_unlocked_ioctl+0xa0/0x100 drivers/android/binder/rust_binder.rs:445
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x132/0x1b0 fs/ioctl.c:893
 __x64_sys_ioctl+0x7f/0xa0 fs/ioctl.c:893
 x64_sys_call+0x1878/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fee889b6349
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffeaa49c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fee889b6349
RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000055557ffdc610 R09: 000055557ffdc610
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3f 0f 8b e2 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 75 cb c2 6e 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900011cda90 EFLAGS: 00010246
RAX: 0000000000000061 RBX: 1ffff92000239b54 RCX: f0ce3b6a9d74ef00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900011cda90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000239ab8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900011cdac0 R15: ffffc900011cdaf0
FS:  000055557ffdb380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee889efd10 CR3: 000000012de5e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
rust_binder: inc_ref_done called when no active inc_refs
rust_kernel: panicked at drivers/android/binder/node.rs:877:13:
attempt to subtract with overflow
------------[ cut here ]------------
kernel BUG at rust/helpers/bug.c:7!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 291 Comm: syz-executor162 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3f 0f 8b e2 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 75 cb c2 6e 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900011cda90 EFLAGS: 00010246
RAX: 0000000000000061 RBX: 1ffff92000239b54 RCX: f0ce3b6a9d74ef00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900011cda90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000239ab8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900011cdac0 R15: ffffc900011cdaf0
FS:  000055557ffdb380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee889efd10 CR3: 000000012de5e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __rustc::rust_begin_unwind+0x15b/0x160 rust/kernel/lib.rs:128
 core::panicking::panic_fmt+0x84/0x90 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:75
 core::panicking::panic_const::panic_const_sub_overflow+0xb2/0xc0 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:178
 <rust_binder::node::NodeRef>::update drivers/android/binder/node.rs:877 [inline]
 <rust_binder::process::Process>::update_ref+0x17e5/0x1860 drivers/android/binder/process.rs:913
 <rust_binder::thread::Thread>::write drivers/android/binder/thread.rs:1470 [inline]
 <rust_binder::thread::Thread>::write_read+0x278d/0x9d20 drivers/android/binder/thread.rs:1581
 <rust_binder::process::Process>::ioctl_write_read drivers/android/binder/process.rs:1535 [inline]
 <rust_binder::process::Process>::ioctl+0x411/0x2c20 drivers/android/binder/process.rs:1596
 rust_binder::rust_binder_unlocked_ioctl+0xa0/0x100 drivers/android/binder/rust_binder.rs:445
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x132/0x1b0 fs/ioctl.c:893
 __x64_sys_ioctl+0x7f/0xa0 fs/ioctl.c:893
 x64_sys_call+0x1878/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fee889b6349
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffeaa49c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fee889b6349
RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000055557ffdc610 R09: 000055557ffdc610
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3f 0f 8b e2 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 75 cb c2 6e 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900011cda90 EFLAGS: 00010246
RAX: 0000000000000061 RBX: 1ffff92000239b54 RCX: f0ce3b6a9d74ef00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900011cda90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000239ab8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900011cdac0 R15: ffffc900011cdaf0
FS:  000055557ffdb380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee889efd10 CR3: 000000012de5e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400