On Sun, Jul 21, 2024 at 02:23:12PM GMT, Edward Adam Davis wrote:
> syzbot calls pidfd_ioctl() with cmd "PIDFD_GET_TIME_NAMESPACE" and
> CONFIG_TIME_NS disabled; since time_ns is NULL, it will make a NULL
> pointer deref in open_namespace.
>
> Reported-and-tested-by: syzbot+34a0ee986f61f15da35d@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=34a0ee986f61f15da35d
> Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
> ---

Hm, nsproxy is really messy in that regard. Some namespaces will always be
set to init_<type>_ns and others will be set to NULL. That's an invitation
for bugs such as this. Imho the correct fix is to change nsproxy to always
set nsp-><type>_ns to init_<type>_ns and no code ever needs to worry about
dereferencing NULL. But that'll require more changes so this seems an
appropriate fix for now.
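The two fix shapes discussed in this thread, as an added user-space model that is not kernel code and not the patch under review: a toy nsproxy whose time_ns is NULL when the kernel is built without CONFIG_TIME_NS, a dispatcher in the shape of pidfd_ioctl, a consumer in the shape of open_namespace that dereferences blindly (the syzbot crash), the per-call NULL check, and the alternative of initialising every field to init_<type>_ns. The struct layout, the MODEL_GET_* command numbers, the function names and the -EOPNOTSUPP return are assumptions of this example.

```c
/*
 * User-space model (not kernel code) of the nsproxy inconsistency discussed
 * in the thread: some fields always point at init_<type>_ns, others are NULL
 * when the matching CONFIG_* option is off, and a consumer written for the
 * first shape dereferences NULL on the second.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's ns_common; a name is all the model needs. */
struct ns_common {
    const char *name;
};

/* Model of nsproxy; the field set and layout are assumptions of the example. */
struct nsproxy {
    struct ns_common *mnt_ns;  /* always set in this model */
    struct ns_common *net_ns;  /* always set in this model */
    struct ns_common *time_ns; /* NULL when built without CONFIG_TIME_NS */
};

static struct ns_common init_mnt_ns = { "mnt" };
static struct ns_common init_net_ns = { "net" };
static struct ns_common init_time_ns = { "time" };

/* Hypothetical command numbers standing in for PIDFD_GET_*_NAMESPACE. */
enum {
    MODEL_GET_MNT_NS = 1,
    MODEL_GET_NET_NS,
    MODEL_GET_TIME_NS,
};

/* Constructed input: nsproxy as a kernel without CONFIG_TIME_NS leaves it. */
static struct nsproxy *nsproxy_without_time_ns(void)
{
    static struct nsproxy nsp = { &init_mnt_ns, &init_net_ns, NULL };
    return &nsp;
}

/* The layout the reply argues for: every field is its init_<type>_ns. */
static struct nsproxy *nsproxy_all_init(void)
{
    static struct nsproxy nsp = { &init_mnt_ns, &init_net_ns, &init_time_ns };
    return &nsp;
}

/* Command-to-field dispatch in the shape of pidfd_ioctl. Returns the raw
 * pointer, which may be NULL; the caller must not dereference it blindly. */
static struct ns_common *select_ns(struct nsproxy *nsp, unsigned int cmd)
{
    switch (cmd) {
    case MODEL_GET_MNT_NS:  return nsp->mnt_ns;
    case MODEL_GET_NET_NS:  return nsp->net_ns;
    case MODEL_GET_TIME_NS: return nsp->time_ns;
    default:                return NULL;
    }
}

/* Buggy consumer in the shape of open_namespace(): unconditional deref.
 * Passing it nsproxy_without_time_ns()->time_ns is the syzbot crash. */
static const char *open_namespace_unchecked(struct ns_common *ns)
{
    return ns->name;
}

/* Fixed consumer: the NULL check precedes the dereference. Unknown command
 * is -EINVAL; a namespace the build lacks is -EOPNOTSUPP (assumed value). */
static int open_namespace_checked(struct nsproxy *nsp, unsigned int cmd,
                                  const char **name_out)
{
    struct ns_common *ns;

    if (cmd < MODEL_GET_MNT_NS || cmd > MODEL_GET_TIME_NS)
        return -EINVAL;
    ns = select_ns(nsp, cmd);
    if (!ns)
        return -EOPNOTSUPP;
    *name_out = open_namespace_unchecked(ns); /* safe: ns is non-NULL here */
    return 0;
}

/* Status-only wrapper: 0 or a negative errno. */
static int ns_lookup_status(struct nsproxy *nsp, unsigned int cmd)
{
    const char *unused;
    return open_namespace_checked(nsp, cmd, &unused);
}

/* Name wrapper: the namespace name, or NULL on any error. */
static const char *ns_lookup_name(struct nsproxy *nsp, unsigned int cmd)
{
    const char *name = NULL;
    if (open_namespace_checked(nsp, cmd, &name) < 0)
        return NULL;
    return name;
}

int main(void)
{
    printf("no CONFIG_TIME_NS, checked lookup of time_ns: %s\n",
           ns_lookup_status(nsproxy_without_time_ns(), MODEL_GET_TIME_NS)
               == -EOPNOTSUPP ? "EOPNOTSUPP" : "other");
    printf("all-init nsproxy, checked lookup of time_ns: %s\n",
           ns_lookup_name(nsproxy_all_init(), MODEL_GET_TIME_NS));
    /* open_namespace_unchecked(nsproxy_without_time_ns()->time_ns) would crash. */
    return 0;
}
```

With the all-init layout, select_ns never returns NULL for a valid command, so the per-call check in open_namespace_checked becomes dead code rather than the only thing standing between an ioctl and a crash; that is the reason the reply prefers the larger change.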