rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18:
null pointer dereference occurred
------------[ cut here ]------------
kernel BUG at rust/helpers/bug.c:7!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events p9_poll_workfn
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 6d ce 0a 1e 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 27 0a 43 92 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900000a7890 EFLAGS: 00010246
RAX: 000000000000005a RBX: 1ffff92000014f14 RCX: b04d4b9f70915900
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900000a7890 R08: ffffc900000a7587 R09: 1ffff92000014eb0
R10: dffffc0000000000 R11: fffff52000014eb1 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900000a78c0 R15: ffffc900000a78f0
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000012924c000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __rustc::rust_begin_unwind+0x15b/0x160 rust/kernel/lib.rs:128
 core::panicking::panic_nounwind_fmt::runtime usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:117 [inline]
 core::panicking::panic_nounwind_fmt+0xec/0xf0 usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/intrinsics/mod.rs:3241
 core::panicking::panic_null_pointer_dereference+0x49/0x4c usr/local/rustup/toolchains/1.87.0-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:304
 <kernel::sync::poll::PollTable>::from_ptr+0x40/0x40 rust/kernel/sync/poll.rs:54
 rust_binder::rust_binder_poll+0xe2/0x570 drivers/android/binder/rust_binder.rs:475
 vfs_poll include/linux/poll.h:92 [inline]
 p9_fd_poll net/9p/trans_fd.c:236 [inline]
 p9_poll_mux net/9p/trans_fd.c:628 [inline]
 p9_poll_workfn+0x389/0x600 net/9p/trans_fd.c:1177
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d2/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rust_helper_BUG+0x8/0x10 rust/helpers/bug.c:7
Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 6d ce 0a 1e 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 27 0a 43 92 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900000a7890 EFLAGS: 00010246
RAX: 000000000000005a RBX: 1ffff92000014f14 RCX: b04d4b9f70915900
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffffc900000a7890 R08: ffffc900000a7587 R09: 1ffff92000014eb0
R10: dffffc0000000000 R11: fffff52000014eb1 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900000a78c0 R15: ffffc900000a78f0
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556c7e3650 CR3: 000000010d3f4000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400