syzbot

 sign-in | mailing list | source | docs
🐞 Open [926]
🐞 Fixed [144]
🐞 Invalid [1145]
Missing Backports [73]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all

Status: upstream: reported on 2024/06/04 09:15
Reported-by: syzbot+8613615616552a1b83b8@syzkaller.appspotmail.com
First crash: 746d, last: 11d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all 10 3 702d 761d 0/3 auto-obsoleted due to no activity on 2024/10/26 12:47
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all (2) 10 30 310d 599d 0/3 auto-obsoleted due to no activity on 2025/11/22 19:01
upstream KASAN: slab-use-after-free Read in bq_xmit_all bpf net 19 C done 29 688d 701d 27/29 fixed on 2024/08/23 02:59

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000110731000
[0000000000000000] pgd=0800000118f97003, p4d=0800000118f97003, pud=080000010bc90003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 9079 Comm: syz.5.1092 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400805 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=-c)
pc : 0x0
lr : bond_xdp_xmit+0x280/0x46c drivers/net/bonding/bond_main.c:5664
sp : ffff800022577040
x29: ffff8000225770e0 x28: 000000000000000f x27: dfff800000000000
x26: ffff7000044aee10 x25: ffff800012c546f8 x24: ffff0000ca6cc000
x23: fffffbffefe79000 x22: ffff0000d12f0000 x21: fffffbffefe79000
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d8944 x15: 0000000000000002
x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000
x11: 0000000000003188 x10: ffff800021b1a000 x9 : ffff800022577080
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000000
x2 : ffff8000225770a0 x1 : 0000000000000001 x0 : ffff0000ca6cc000
Call trace:
 0x0
 bq_xmit_all+0xaf8/0xf80 kernel/bpf/devmap.c:392
 bq_enqueue+0x288/0x30c kernel/bpf/devmap.c:457
 dev_map_enqueue_multi+0xbbc/0xcc8 kernel/bpf/devmap.c:664
 __xdp_do_redirect_frame net/core/filter.c:4350 [inline]
 xdp_do_redirect_frame+0x3e4/0x578 net/core/filter.c:4415
 xdp_test_run_batch net/bpf/test_run.c:314 [inline]
 bpf_test_run_xdp_live+0x8b8/0x15d0 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x5fc/0xc88 net/bpf/test_run.c:1457
 bpf_prog_test_run+0x2dc/0x360 kernel/bpf/syscall.c:3695
 __sys_bpf+0x504/0x660 kernel/bpf/syscall.c:5049
 __do_sys_bpf kernel/bpf/syscall.c:5135 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5133 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5133
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x290 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: bad PC value
---[ end trace 0000000000000000 ]---

Crashes (178):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/06/09 16:13 linux-6.1.y 228da13e907e c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/06/06 12:35 linux-6.1.y 228da13e907e cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/06/05 16:17 linux-6.1.y 228da13e907e 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/27 01:03 linux-6.1.y dcbcab9d7079 2b01f00e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/25 18:02 linux-6.1.y dcbcab9d7079 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/23 16:55 linux-6.1.y dcbcab9d7079 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/22 23:31 linux-6.1.y c27210688955 5f091fcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/22 17:33 linux-6.1.y c27210688955 5f091fcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/21 16:06 linux-6.1.y c27210688955 e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/19 14:24 linux-6.1.y c27210688955 223544dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/17 01:05 linux-6.1.y c27210688955 de5aae85 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/16 00:57 linux-6.1.y c27210688955 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/16 00:57 linux-6.1.y c27210688955 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/15 19:23 linux-6.1.y c27210688955 9cd3beaa .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/15 01:11 linux-6.1.y ad16b162f21d 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/14 01:00 linux-6.1.y ad16b162f21d 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/13 13:11 linux-6.1.y ad16b162f21d fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/12 23:58 linux-6.1.y ad16b162f21d a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/12 12:03 linux-6.1.y ad16b162f21d 07aeade5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/11 23:18 linux-6.1.y ad16b162f21d d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/10 05:20 linux-6.1.y 128a674368bf 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/09 19:05 linux-6.1.y 128a674368bf 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/07 16:09 linux-6.1.y 4931e0e1673d cbf9e0fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/05/02 23:30 linux-6.1.y 4931e0e1673d a0d91488 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/04/30 04:43 linux-6.1.y 7c87defbd336 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/04/07 09:56 linux-6.1.y 1989cd3d56e2 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/03/20 01:50 linux-6.1.y f2ddafa93a25 bd6dcb30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/03/07 20:31 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/03/07 04:26 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/25 02:53 linux-6.1.y 779f9571ac3e 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/20 21:58 linux-6.1.y 779f9571ac3e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/20 09:29 linux-6.1.y 779f9571ac3e 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/19 21:25 linux-6.1.y 779f9571ac3e c8d8c52d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/18 20:12 linux-6.1.y 8ce36b2849ef 77d4d919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/17 19:32 linux-6.1.y 8ce36b2849ef 06ec4f7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/13 20:08 linux-6.1.y 8ce36b2849ef 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/13 07:55 linux-6.1.y 8ce36b2849ef 6a673c50 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/12 19:29 linux-6.1.y 8ce36b2849ef 504cb1bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/11 19:02 linux-6.1.y 8ce36b2849ef 75707236 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/10 02:49 linux-6.1.y 0182cb5b74ee 4ab09a02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/07 20:55 linux-6.1.y 0182cb5b74ee 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/06 01:20 linux-6.1.y cd9b81672742 f03c4191 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/04 01:23 linux-6.1.y cd9b81672742 42b01fab .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/01 06:58 linux-6.1.y cd9b81672742 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/31 03:51 linux-6.1.y cd9b81672742 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/30 03:39 linux-6.1.y cd9b81672742 bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/04 09:14 linux-6.1.y 88690811da69 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
* Struck through repros no longer work on HEAD.