syzbot

rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18:
null pointer dereference occurred
------------[ cut here ]------------
kernel BUG at rust/helpers/bug.c:7!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 62 Comm: kworker/0:2 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events p9_poll_workfn

RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 79 8c a3 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 33 48 ea 1c 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000d2f890 EFLAGS: 00010246
RAX: 000000000000005a RBX: 1ffff920001a5f14 RCX: 50d568fa9bc01600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90000d2f890 R08: ffffc90000d2f587 R09: 1ffff920001a5eb0
R10: dffffc0000000000 R11: fffff520001a5eb1 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc90000d2f8c0 R15: ffffc90000d2f8f0
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5ea43d28f3 CR3: 000000012f6fe000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __rustc::rust_begin_unwind+0x15b/0x160 rust/kernel/lib.rs:128
 core::panicking::panic_nounwind_fmt::runtime usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:117 [inline]
 core::panicking::panic_nounwind_fmt+0xec/0xf0 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/intrinsics/mod.rs:3241
 core::panicking::panic_null_pointer_dereference+0x49/0x4c usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:304
 <kernel::sync::poll::PollTable>::from_ptr+0x40/0x40 rust/kernel/sync/poll.rs:54
 rust_binder::rust_binder_poll+0xe2/0x570 drivers/android/binder/rust_binder.rs:475
 vfs_poll include/linux/poll.h:92 [inline]
 p9_fd_poll net/9p/trans_fd.c:236 [inline]
 p9_poll_mux net/9p/trans_fd.c:628 [inline]
 p9_poll_workfn+0x389/0x600 net/9p/trans_fd.c:1177
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d2/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 79 8c a3 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 33 48 ea 1c 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000d2f890 EFLAGS: 00010246
RAX: 000000000000005a RBX: 1ffff920001a5f14 RCX: 50d568fa9bc01600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc90000d2f890 R08: ffffc90000d2f587 R09: 1ffff920001a5eb0
R10: dffffc0000000000 R11: fffff520001a5eb1 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc90000d2f8c0 R15: ffffc90000d2f8f0
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5ea43d28f3 CR3: 000000012f6fe000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400