syzbot

 sign-in | mailing list | source | docs
🐞 Open [868]
🐞 Fixed [141]
🐞 Invalid [996]
Missing Backports [73]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all

Status: upstream: reported on 2024/06/04 09:15
Reported-by: syzbot+8613615616552a1b83b8@syzkaller.appspotmail.com
First crash: 604d, last: 11h57m
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all 10 3 560d 619d 0/3 auto-obsoleted due to no activity on 2024/10/26 12:47
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all (2) 10 30 167d 457d 0/3 auto-obsoleted due to no activity on 2025/11/22 19:01
upstream KASAN: slab-use-after-free Read in bq_xmit_all bpf net 19 C done 29 545d 559d 27/29 fixed on 2024/08/23 02:59

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=000000011094f000
[0000000000000000] pgd=0800000135f4f003, p4d=0800000135f4f003, pud=0800000115ff2003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 6878 Comm: syz.4.644 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 82400805 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=-c)
pc : 0x0
lr : bond_xdp_xmit+0x280/0x46c drivers/net/bonding/bond_main.c:5584
sp : ffff8000211e7040
x29: ffff8000211e70e0 x28: 000000000000000f x27: dfff800000000000
x26: ffff70000423ce10 x25: ffff800012c21318 x24: ffff0000d5b60000
x23: fffffbffeffbab58 x22: ffff0000f3424000 x21: fffffbffeffbab58
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d7e60 x15: 0000000000000002
x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000
x11: 0000000000002e0b x10: ffff80002c047000 x9 : ffff8000211e7080
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000000
x2 : ffff8000211e70a0 x1 : 0000000000000001 x0 : ffff0000d5b60000
Call trace:
 0x0
 bq_xmit_all+0xaf8/0xf80 kernel/bpf/devmap.c:392
 bq_enqueue+0x288/0x30c kernel/bpf/devmap.c:457
 dev_map_enqueue_clone kernel/bpf/devmap.c:559 [inline]
 dev_map_enqueue_multi+0xa18/0xdf0 kernel/bpf/devmap.c:645
 __xdp_do_redirect_frame net/core/filter.c:4330 [inline]
 xdp_do_redirect_frame+0x3e4/0x578 net/core/filter.c:4395
 xdp_test_run_batch net/bpf/test_run.c:314 [inline]
 bpf_test_run_xdp_live+0x8b8/0x15d0 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x5fc/0xc88 net/bpf/test_run.c:1407
 bpf_prog_test_run+0x2dc/0x360 kernel/bpf/syscall.c:3695
 __sys_bpf+0x504/0x660 kernel/bpf/syscall.c:5048
 __do_sys_bpf kernel/bpf/syscall.c:5134 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5132 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5132
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: bad PC value
---[ end trace 0000000000000000 ]---

Crashes (111):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/29 03:15 linux-6.1.y cd9b81672742 0adc945e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/24 03:04 linux-6.1.y cd9b81672742 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/22 23:20 linux-6.1.y cd9b81672742 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/20 17:53 linux-6.1.y cd9b81672742 06648d9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/20 06:04 linux-6.1.y cd9b81672742 572effc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2026/01/18 02:19 linux-6.1.y cd9b81672742 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/12/03 16:53 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/24 18:36 linux-6.1.y f6e38ae624cf bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 18:35 linux-6.1.y f6e38ae624cf 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/20 01:25 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/19 17:53 linux-6.1.y f6e38ae624cf 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/11/14 19:45 linux-6.1.y f6e38ae624cf f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/30 12:27 linux-6.1.y f6e38ae624cf fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/27 19:40 linux-6.1.y 8e6e2188d949 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/22 09:46 linux-6.1.y 8e6e2188d949 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/20 21:06 linux-6.1.y 8e6e2188d949 d422939c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/10/12 19:30 linux-6.1.y 882efbdd9d34 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/24 00:19 linux-6.1.y 363a599da6d9 e667a34f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/22 18:08 linux-6.1.y 363a599da6d9 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/15 10:03 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/12 03:20 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/09/07 10:22 linux-6.1.y 28c695c365e1 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/19 18:59 linux-6.1.y 0bc96de781b4 254a27c1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/15 15:51 linux-6.1.y 0bc96de781b4 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/12 23:31 linux-6.1.y 3594f306da12 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/12 00:16 linux-6.1.y 3594f306da12 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/08 18:06 linux-6.1.y 3594f306da12 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/07 03:22 linux-6.1.y 3594f306da12 9a42d6b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/06 04:54 linux-6.1.y 3594f306da12 ffe1dd46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/05 15:46 linux-6.1.y 3594f306da12 37880f40 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/08/02 05:09 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/31 21:47 linux-6.1.y 3594f306da12 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/30 01:32 linux-6.1.y 3594f306da12 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/25 03:39 linux-6.1.y 3594f306da12 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/19 01:15 linux-6.1.y 3369c6df2fae 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/17 01:53 linux-6.1.y f2198ea7eb3e 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/16 12:46 linux-6.1.y f2198ea7eb3e 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/10 22:09 linux-6.1.y dfc486ec9cce 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/06 15:39 linux-6.1.y 04d1ccaa9c28 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/04 05:36 linux-6.1.y 7e69c33e4858 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/07/02 09:57 linux-6.1.y 7e69c33e4858 bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/04 09:14 linux-6.1.y 88690811da69 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
* Struck through repros no longer work on HEAD.