CVE-2023-53831

In the Linux kernel, the following vulnerability has been resolved:

net: read sk->skfamily once in skmc_loop()

syzbot is playing with IPV6ADDRFORM quite a lot these days, and managed to hit the WARNONONCE(1) in skmc_loop()

We have many more similar issues to fix.

WARNING: CPU: 1 PID: 1593 at net/core/sock.c:782 skmcloop+0x165/0x260 Modules linked in: CPU: 1 PID: 1593 Comm: kworker/1:3 Not tainted 6.1.40-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 Workqueue: eventspowerefficient gcworker RIP: 0010:skmcloop+0x165/0x260 net/core/sock.c:782 Code: 34 1b fd 49 81 c7 18 05 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 25 36 6d fd 4d 8b 37 eb 13 e8 db 33 1b fd <0f> 0b b3 01 eb 34 e8 d0 33 1b fd 45 31 f6 49 83 c6 38 4c 89 f0 48 RSP: 0018:ffffc90000388530 EFLAGS: 00010246 RAX: ffffffff846d9b55 RBX: 0000000000000011 RCX: ffff88814f884980 RDX: 0000000000000102 RSI: ffffffff87ae5160 RDI: 0000000000000011 RBP: ffffc90000388550 R08: 0000000000000003 R09: ffffffff846d9a65 R10: 0000000000000002 R11: ffff88814f884980 R12: dffffc0000000000 R13: ffff88810dbee000 R14: 0000000000000010 R15: ffff888150084000 FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000180 CR3: 000000014ee5b000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> [<ffffffff8507734f>] ip6finishoutput2+0x33f/0x1ae0 net/ipv6/ip6output.c:83 [<ffffffff85062766>] __ip6finishoutput net/ipv6/ip6output.c:200 [inline] [<ffffffff85062766>] ip6finishoutput+0x6c6/0xb10 net/ipv6/ip6output.c:211 [<ffffffff85061f8c>] NFHOOKCOND include/linux/netfilter.h:298 [inline] [<ffffffff85061f8c>] ip6output+0x2bc/0x3d0 net/ipv6/ip6output.c:232 [<ffffffff852071cf>] dstoutput include/net/dst.h:444 [inline] [<ffffffff852071cf>] ip6localout+0x10f/0x140 net/ipv6/outputcore.c:161 [<ffffffff83618fb4>] ipvlanprocessv6outbound drivers/net/ipvlan/ipvlancore.c:483 [inline] [<ffffffff83618fb4>] ipvlanprocessoutbound drivers/net/ipvlan/ipvlancore.c:529 [inline] [<ffffffff83618fb4>] ipvlanxmitmodel3 drivers/net/ipvlan/ipvlancore.c:602 [inline] [<ffffffff83618fb4>] ipvlanqueuexmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlancore.c:677 [<ffffffff8361ddd9>] ipvlanstartxmit+0x49/0x100 drivers/net/ipvlan/ipvlanmain.c:229 [<ffffffff84763fc0>] netdevstartxmit include/linux/netdevice.h:4925 [inline] [<ffffffff84763fc0>] xmitone net/core/dev.c:3644 [inline] [<ffffffff84763fc0>] devhardstartxmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff8494c650>] schdirectxmit+0x2a0/0x9c0 net/sched/schgeneric.c:342 [<ffffffff8494d883>] qdiscrestart net/sched/schgeneric.c:407 [inline] [<ffffffff8494d883>] __qdiscrun+0xb13/0x1e70 net/sched/schgeneric.c:415 [<ffffffff8478c426>] qdiscrun+0xd6/0x260 include/net/pktsched.h:125 [<ffffffff84796eac>] nettxaction+0x7ac/0x940 net/core/dev.c:5247 [<ffffffff858002bd>] __dosoftirq+0x2bd/0x9bd kernel/softirq.c:599 [<ffffffff814c3fe8>] invokesoftirq kernel/softirq.c:430 [inline] [<ffffffff814c3fe8>] __irqexitrcu+0xc8/0x170 kernel/softirq.c:683 [<ffffffff814c3f09>] irqexitrcu+0x9/0x20 kernel/softirq.c:695