syzbot

 sign-in | mailing list | source | docs
🐞 Open [895]
🐞 Fixed [141]
🐞 Invalid [1038]
Missing Backports [73]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all

Status: upstream: reported on 2024/06/04 09:15
Reported-by: syzbot+8613615616552a1b83b8@syzkaller.appspotmail.com
First crash: 652d, last: 10d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all 10 3 607d 667d 0/3 auto-obsoleted due to no activity on 2024/10/26 12:47
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all (2) 10 30 215d 505d 0/3 auto-obsoleted due to no activity on 2025/11/22 19:01
upstream KASAN: slab-use-after-free Read in bq_xmit_all bpf net 19 C done 29 593d 607d 27/29 fixed on 2024/08/23 02:59

Sample crash report:
System zones: 0-5
EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010eb83000
[0000000000000000] pgd=08000001125b1003, p4d=08000001125b1003, pud=080000012114c003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6771 Comm: syz.2.590 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
pstate: 82400805 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=-c)
pc : 0x0
lr : bond_xdp_xmit+0x280/0x46c drivers/net/bonding/bond_main.c:5600
sp : ffff800021297240
x29: ffff8000212972e0 x28: 000000000000000f x27: dfff800000000000
x26: ffff700004252e50 x25: ffff800012c31db8 x24: ffff0000d9314000
x23: fffffbffeff3cae0 x22: ffff0000d42f4000 x21: fffffbffeff3cae0
x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d7ca0 x15: 0000000000000002
x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000
x11: 00000000000028df x10: ffff8000271c9000 x9 : ffff800021297280
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000001
x2 : ffff8000212972a0 x1 : 0000000000000001 x0 : ffff0000d9314000
Call trace:
 0x0
 bq_xmit_all+0xaf8/0xf80 kernel/bpf/devmap.c:392
 __dev_flush+0xc4/0x18c kernel/bpf/devmap.c:422
 xdp_do_flush+0x14/0x28 net/core/filter.c:4228
 xdp_test_run_batch net/bpf/test_run.c:332 [inline]
 bpf_test_run_xdp_live+0x1150/0x15d0 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x5fc/0xc88 net/bpf/test_run.c:1412
 bpf_prog_test_run+0x2dc/0x360 kernel/bpf/syscall.c:3695
 __sys_bpf+0x504/0x660 kernel/bpf/syscall.c:5048
 __do_sys_bpf kernel/bpf/syscall.c:5134 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5132 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5132
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: bad PC value
---[ end trace 0000000000000000 ]---

Crashes (135):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/07 20:31 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/03/07 04:26 linux-6.1.y f2ddafa93a25 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/25 02:53 linux-6.1.y 779f9571ac3e 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/20 21:58 linux-6.1.y 779f9571ac3e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/20 09:29 linux-6.1.y 779f9571ac3e 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/19 21:25 linux-6.1.y 779f9571ac3e c8d8c52d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/18 20:12 linux-6.1.y 8ce36b2849ef 77d4d919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/17 19:32 linux-6.1.y 8ce36b2849ef 06ec4f7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/13 20:08 linux-6.1.y 8ce36b2849ef 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/13 07:55 linux-6.1.y 8ce36b2849ef 6a673c50 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/12 19:29 linux-6.1.y 8ce36b2849ef 504cb1bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/11 19:02 linux-6.1.y 8ce36b2849ef 75707236 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/10 02:49 linux-6.1.y 0182cb5b74ee 4ab09a02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/07 20:55 linux-6.1.y 0182cb5b74ee 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/06 01:20 linux-6.1.y cd9b81672742 f03c4191 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/04 01:23 linux-6.1.y cd9b81672742 42b01fab .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/02/01 06:58 linux-6.1.y cd9b81672742 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/31 03:51 linux-6.1.y cd9b81672742 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/30 03:39 linux-6.1.y cd9b81672742 bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/29 03:15 linux-6.1.y cd9b81672742 0adc945e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/24 03:04 linux-6.1.y cd9b81672742 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/22 23:20 linux-6.1.y cd9b81672742 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/20 17:53 linux-6.1.y cd9b81672742 06648d9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/20 06:04 linux-6.1.y cd9b81672742 572effc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/18 02:19 linux-6.1.y cd9b81672742 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/12/03 16:53 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/24 18:36 linux-6.1.y f6e38ae624cf bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 18:35 linux-6.1.y f6e38ae624cf 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 01:25 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/14 19:45 linux-6.1.y f6e38ae624cf f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/30 12:27 linux-6.1.y f6e38ae624cf fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/27 19:40 linux-6.1.y 8e6e2188d949 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/22 09:46 linux-6.1.y 8e6e2188d949 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/20 21:06 linux-6.1.y 8e6e2188d949 d422939c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/12 19:30 linux-6.1.y 882efbdd9d34 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/24 00:19 linux-6.1.y 363a599da6d9 e667a34f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/22 18:08 linux-6.1.y 363a599da6d9 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/15 10:03 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/12 03:20 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/07 10:22 linux-6.1.y 28c695c365e1 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/19 18:59 linux-6.1.y 0bc96de781b4 254a27c1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/15 15:51 linux-6.1.y 0bc96de781b4 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/04 09:14 linux-6.1.y 88690811da69 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
* Struck through repros no longer work on HEAD.