CVE-2024-53112

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: uncache inode which has failed entering the group

Syzbot has reported the following BUG:

kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? _diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ? ocfs2setnewbufferuptodate+0x145/0x160 ? doerrortrap+0x1dc/0x2c0 ? ocfs2setnewbufferuptodate+0x145/0x160 ? _pfxdoerrortrap+0x10/0x10 ? handleinvalidop+0x34/0x40 ? ocfs2setnewbufferuptodate+0x145/0x160 ? excinvalidop+0x38/0x50 ? asmexcinvalidop+0x1a/0x20 ? ocfs2setnewbufferuptodate+0x2e/0x160 ? ocfs2setnewbufferuptodate+0x144/0x160 ? ocfs2setnewbufferuptodate+0x145/0x160 ocfs2groupadd+0x39f/0x15a0 ? _pfxocfs2groupadd+0x10/0x10 ? _pfxlockacquire+0x10/0x10 ? mntgetwriteaccess+0x68/0x2b0 ? _pfxlockrelease+0x10/0x10 ? rcureadlockanyheld+0xb7/0x160 ? _pfxrcureadlockanyheld+0x10/0x10 ? smacklog+0x123/0x540 ? mntgetwriteaccess+0x68/0x2b0 ? mntgetwriteaccess+0x68/0x2b0 ? mntgetwriteaccess+0x226/0x2b0 ocfs2ioctl+0x65e/0x7d0 ? _pfxocfs2ioctl+0x10/0x10 ? smackfileioctl+0x29e/0x3a0 ? _pfxsmackfileioctl+0x10/0x10 ? lockdephardirqsonprepare+0x43d/0x780 ? _pfxlockdephardirqsonprepare+0x10/0x10 ? _pfxocfs2ioctl+0x10/0x10 _sesysioctl+0xfb/0x170 dosyscall64+0xf3/0x230 entrySYSCALL64after_hwframe+0x77/0x7f ... </TASK>

When 'ioctl(OCFS2IOCGROUPADD, ...)' has failed for the particular inode in 'ocfs2verifygroupandinput()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2setnewbufferuptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2removefromcache()' on error path in 'ocfs2groupadd()'.