FYI, we noticed the following commit (built with gcc-6): commit: 92114220fe6a374172e99261b6451c515d29c8dc ("[PATCH] kernel: prevent submission of creds with higher privileges inside container") url: https://github.com/0day-ci/linux/commits/My-Name/kernel-prevent-submissio... in testcase: trinity with following parameters: runtime: 300s test-description: Trinity is a linux system call fuzz tester. test-url: http://codemonkey.org.uk/projects/trinity/ on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -m 256M caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): +------------------------------------------+-----------+------------+ | | v4.19-rc3 | 92114220fe | +------------------------------------------+-----------+------------+ | boot_successes | 8 | 0 | | boot_failures | 0 | 6 | | BUG:unable_to_handle_kernel | 0 | 6 | | Oops:#[##] | 0 | 6 | | RIP:commit_creds | 0 | 6 | | Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | +------------------------------------------+-----------+------------+ [ 53.586547] BUG: unable to handle kernel NULL pointer dereference at 00000000000006c0 [ 53.588054] PGD 0 P4D 0 [ 53.588564] Oops: 0000 [#1] PTI [ 53.589180] CPU: 0 PID: 1 Comm: init Not tainted 4.19.0-rc3-00001-g9211422 #1 [ 53.590544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 [ 53.592139] RIP: 0010:commit_creds+0x51/0x410 [ 53.592988] Code: 08 81 ba b0 01 00 00 fe ff ff ef 74 11 8b 43 04 39 47 04 0f 83 9c 00 00 00 e9 c2 03 00 00 48 8b 50 10 48 83 05 67 82 5a 02 01 <81> ba c0 06 00 00 ff ff ff ef 75 d7 48 8b 50 18 48 83 05 57 82 5a [ 53.596525] RSP: 0000:ffffc9000000bd10 EFLAGS: 00010202 [ 53.597526] RAX: ffffffff82ca3060 RBX: ffff88000f02eb40 RCX: ffff88000f0399c8 [ 53.598883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88000b2a53c0 [ 53.600235] RBP: ffff88000bd66800 R08: ffff88000f030740 R09: 00000000008fb60c [ 53.601587] R10: 00000000e0098d8b R11: 0000000010c12b46 R12: ffff88000f030040 [ 53.602936] R13: ffffc90000008000 R14: ffff88000cd07500 R15: 0000000000000001 [ 53.604285] FS: 0000000000000000(0000) GS:ffffffff82c5b000(0000) knlGS:0000000000000000 [ 53.605813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.606906] CR2: 00000000000006c0 CR3: 000000000c6f6000 CR4: 00000000000406b0 [ 53.608264] Call Trace: [ 53.608762] install_exec_creds+0x25/0xa0 [ 53.609544] load_elf_binary+0x544/0x1e72 [ 53.610324] ? __lock_acquire+0xdbb/0x1030 [ 53.611234] ? find_held_lock+0x35/0xd0 [ 53.611982] ? __lock_acquire+0xdbb/0x1030 [ 53.612891] ? find_held_lock+0x35/0xd0 [ 53.613639] ? search_binary_handler+0x83/0x180 [ 53.614512] search_binary_handler+0x98/0x180 [ 53.615356] load_script+0x348/0x370 [ 53.616058] search_binary_handler+0x98/0x180 [ 53.616906] __do_execve_file+0x7d3/0xaa0 [ 53.617804] do_execve+0x24/0x30 [ 53.618439] run_init_process+0x50/0x60 [ 53.619184] ? rest_init+0x1a0/0x1a0 [ 53.619885] kernel_init+0xca/0x1e0 [ 53.620573] ret_from_fork+0x35/0x40 [ 53.621264] CR2: 00000000000006c0 [ 53.621969] ---[ end trace 3c2bcf9b443a9ddd ]--- To reproduce: git clone https://github.com/intel/lkp-tests.git cd lkp-tests bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email Thanks, lkp