syzbot

 sign-in | mailing list | source | docs
🐞 Open [827]
🐞 Fixed [136]
🐞 Invalid [939]
Missing Backports [79]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all

Status: upstream: reported on 2024/06/04 09:15
Reported-by: syzbot+8613615616552a1b83b8@syzkaller.appspotmail.com
First crash: 540d, last: 2d04h
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all 10 3 496d 555d 0/3 auto-obsoleted due to no activity on 2024/10/26 12:47
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all (2) 10 30 104d 393d 0/3 auto-obsoleted due to no activity on 2025/11/22 19:01
upstream KASAN: slab-use-after-free Read in bq_xmit_all net bpf 19 C done 29 482d 495d 27/29 fixed on 2024/08/23 02:59

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010b281000
[0000000000000000] pgd=080000013d715003, p4d=080000013d715003, pud=0800000118ae2003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 8030 Comm: syz.2.952 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 82400805 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=-c)
pc : 0x0
lr : bond_xdp_xmit+0x27c/0x45c drivers/net/bonding/bond_main.c:5584
sp : ffff8000222b7020
x29: ffff8000222b70e0 x28: 000000000000000f x27: ffff8000222b7048
x26: dfff800000000000 x25: ffff800012b67cd8 x24: ffff0000dbab8000
x23: fffffbffeff98df0 x22: ffff0000d9988000 x21: fffffbffeff98df0
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d10fc x15: 0000000000000002
x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000
x11: 0000000000004cc1 x10: ffff8000298ed000 x9 : ffff8000222b7080
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000000
x2 : ffff8000222b70a0 x1 : 0000000000000001 x0 : ffff0000dbab8000
Call trace:
 0x0
 bq_xmit_all+0xab0/0xf10 kernel/bpf/devmap.c:392
 bq_enqueue+0x288/0x30c kernel/bpf/devmap.c:457
 dev_map_enqueue_clone kernel/bpf/devmap.c:559 [inline]
 dev_map_enqueue_multi+0x9c8/0xd8c kernel/bpf/devmap.c:645
 __xdp_do_redirect_frame net/core/filter.c:4329 [inline]
 xdp_do_redirect_frame+0x3e4/0x578 net/core/filter.c:4394
 xdp_test_run_batch net/bpf/test_run.c:314 [inline]
 bpf_test_run_xdp_live+0x840/0x1544 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x560/0xb88 net/bpf/test_run.c:1390
 bpf_prog_test_run+0x2dc/0x364 kernel/bpf/syscall.c:3692
 __sys_bpf+0x4ec/0x634 kernel/bpf/syscall.c:5045
 __do_sys_bpf kernel/bpf/syscall.c:5131 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5129 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5129
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: bad PC value
---[ end trace 0000000000000000 ]---

Crashes (104):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/24 18:36 linux-6.1.y f6e38ae624cf bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 18:35 linux-6.1.y f6e38ae624cf 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 01:25 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/14 19:45 linux-6.1.y f6e38ae624cf f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/30 12:27 linux-6.1.y f6e38ae624cf fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/27 19:40 linux-6.1.y 8e6e2188d949 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/22 09:46 linux-6.1.y 8e6e2188d949 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/20 21:06 linux-6.1.y 8e6e2188d949 d422939c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/12 19:30 linux-6.1.y 882efbdd9d34 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/24 00:19 linux-6.1.y 363a599da6d9 e667a34f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/22 18:08 linux-6.1.y 363a599da6d9 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/15 10:03 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/12 03:20 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/07 10:22 linux-6.1.y 28c695c365e1 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/19 18:59 linux-6.1.y 0bc96de781b4 254a27c1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/15 15:51 linux-6.1.y 0bc96de781b4 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/12 23:31 linux-6.1.y 3594f306da12 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/12 00:16 linux-6.1.y 3594f306da12 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/08 18:06 linux-6.1.y 3594f306da12 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/07 03:22 linux-6.1.y 3594f306da12 9a42d6b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/06 04:54 linux-6.1.y 3594f306da12 ffe1dd46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/05 15:46 linux-6.1.y 3594f306da12 37880f40 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/02 05:09 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/31 21:47 linux-6.1.y 3594f306da12 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/30 01:32 linux-6.1.y 3594f306da12 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/25 03:39 linux-6.1.y 3594f306da12 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/19 01:15 linux-6.1.y 3369c6df2fae 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/17 01:53 linux-6.1.y f2198ea7eb3e 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/16 12:46 linux-6.1.y f2198ea7eb3e 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/10 22:09 linux-6.1.y dfc486ec9cce 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/06 15:39 linux-6.1.y 04d1ccaa9c28 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/04 05:36 linux-6.1.y 7e69c33e4858 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/02 09:57 linux-6.1.y 7e69c33e4858 bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/01 00:11 linux-6.1.y 7e69c33e4858 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/26 09:24 linux-6.1.y 58485ff1a74f 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/24 23:53 linux-6.1.y 58485ff1a74f 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/21 07:43 linux-6.1.y 58485ff1a74f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/18 01:23 linux-6.1.y 58485ff1a74f e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/17 07:43 linux-6.1.y 58485ff1a74f cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/16 18:58 linux-6.1.y 58485ff1a74f d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/14 22:12 linux-6.1.y 58485ff1a74f 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/13 14:52 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/11 22:38 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/04 09:14 linux-6.1.y 88690811da69 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
* Struck through repros no longer work on HEAD.