syzbot

 sign-in | mailing list | source | docs
🐞 Open [745]
🐞 Fixed [120]
🐞 Invalid [783]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all

Status: upstream: reported on 2024/06/04 09:15
Reported-by: syzbot+8613615616552a1b83b8@syzkaller.appspotmail.com
First crash: 383d, last: 1d02h
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all 3 338d 397d 0/3 auto-obsoleted due to no activity on 2024/10/26 12:47
linux-5.15 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all (2) 22 17d 236d 0/3 upstream: reported on 2024/10/29 09:51
upstream KASAN: slab-use-after-free Read in bq_xmit_all bpf net C done 29 324d 338d 27/29 fixed on 2024/08/23 02:59

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000113f89000
[0000000000000000] pgd=080000011a0fa003, p4d=080000011a0fa003, pud=080000011a259003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 9784 Comm: syz.2.1388 Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : bond_xdp_xmit+0x27c/0x45c drivers/net/bonding/bond_main.c:5589
sp : ffff800020ae7020
x29: ffff800020ae70e0 x28: 000000000000000f x27: ffff800020ae7048
x26: dfff800000000000 x25: ffff800013a6cf58 x24: ffff0000d15b4000
x23: fffffbffeff98788 x22: ffff0000dec78000 x21: fffffbffeff98788
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d0750 x15: 0000000000000002
x14: 0000000000000001 x13: 0000000000ff0100 x12: 0000000000080000
x11: 00000000000021e0 x10: ffff80002373a000 x9 : ffff800020ae7080
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : 0000000000000000
x2 : ffff800020ae70a0 x1 : 0000000000000001 x0 : ffff0000d15b4000
Call trace:
 0x0
 bq_xmit_all+0xab0/0xf10 kernel/bpf/devmap.c:392
 bq_enqueue+0x288/0x30c kernel/bpf/devmap.c:457
 dev_map_enqueue_multi+0xc30/0xd8c kernel/bpf/devmap.c:656
 __xdp_do_redirect_frame net/core/filter.c:4326 [inline]
 xdp_do_redirect_frame+0x3e4/0x578 net/core/filter.c:4391
 xdp_test_run_batch net/bpf/test_run.c:314 [inline]
 bpf_test_run_xdp_live+0x840/0x1544 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x560/0xb88 net/bpf/test_run.c:1390
 bpf_prog_test_run+0x2dc/0x364 kernel/bpf/syscall.c:3685
 __sys_bpf+0x4ec/0x634 kernel/bpf/syscall.c:5038
 __do_sys_bpf kernel/bpf/syscall.c:5124 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5122 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5122
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: bad PC value
---[ end trace 0000000000000000 ]---

Crashes (58):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/21 07:43 linux-6.1.y 58485ff1a74f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/18 01:23 linux-6.1.y 58485ff1a74f e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/17 07:43 linux-6.1.y 58485ff1a74f cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/16 18:58 linux-6.1.y 58485ff1a74f d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/14 22:12 linux-6.1.y 58485ff1a74f 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/13 14:52 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/06/11 22:38 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/28 21:23 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/23 20:30 linux-6.1.y da3c5173c55f f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/15 20:48 linux-6.1.y 02b72ccb5f9d cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/09 14:02 linux-6.1.y 02b72ccb5f9d bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/08 20:49 linux-6.1.y ac7079a42ea5 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/06 07:56 linux-6.1.y ac7079a42ea5 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/05 18:21 linux-6.1.y ac7079a42ea5 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/02 21:23 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/02 14:00 linux-6.1.y b6736e03756f d7f099d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/01 02:54 linux-6.1.y 535ec20c5027 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/05/01 02:54 linux-6.1.y 535ec20c5027 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/30 00:46 linux-6.1.y 535ec20c5027 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/30 00:43 linux-6.1.y 535ec20c5027 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/30 00:42 linux-6.1.y 535ec20c5027 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/27 06:07 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/27 02:42 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/19 03:16 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/18 16:56 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/04/13 06:55 linux-6.1.y 420102835862 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/03/19 08:58 linux-6.1.y 344a09659766 8d0a2921 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/03/16 04:21 linux-6.1.y 344a09659766 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/03/11 19:36 linux-6.1.y 6ae7ac5c4251 16256247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/03/10 21:04 linux-6.1.y 6ae7ac5c4251 16256247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/02/11 20:36 linux-6.1.y 0cbb5f65e52f f2baddf5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/02/03 16:24 linux-6.1.y 0cbb5f65e52f a21a8419 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/01/30 20:52 linux-6.1.y 75cefdf153f5 4c6ac32f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2025/01/10 09:15 linux-6.1.y c63962be84ef 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/12/20 00:36 linux-6.1.y 29f02ec58a94 5905cb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/10/25 20:47 linux-6.1.y 7ec6f9fa3d97 045e728d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/10/23 05:55 linux-6.1.y 7ec6f9fa3d97 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/09/05 04:47 linux-6.1.y 699506173494 dfbe2ed4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/09/05 04:46 linux-6.1.y 699506173494 dfbe2ed4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/09/03 07:27 linux-6.1.y 311d8503ef9f 8045124c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/30 15:14 linux-6.1.y 311d8503ef9f ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/23 21:13 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/23 21:13 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/23 08:55 linux-6.1.y ee5e09825b81 ce8a9099 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/23 08:55 linux-6.1.y ee5e09825b81 ce8a9099 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/17 09:50 linux-6.1.y 117ac406ba90 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/06 18:21 linux-6.1.y 48d525b0e463 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/05 10:36 linux-6.1.y 48d525b0e463 e35c337f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/08/03 15:13 linux-6.1.y 48d525b0e463 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/07/09 18:51 linux-6.1.y 7753af06eebf 79d68ada .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/15 06:24 linux-6.1.y ae9f2a70d69e f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/11 17:25 linux-6.1.y 88690811da69 b7d9eb04 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/05 21:23 linux-6.1.y 88690811da69 5aa1a7c9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
2024/06/04 09:14 linux-6.1.y 88690811da69 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel NULL pointer dereference in bq_xmit_all
* Struck through repros no longer work on HEAD.