CVE-2024-26685

In the Linux kernel, the following vulnerability has been resolved: nilfs2:
fix potential bug in end_buffer_async_write According to a syzbot report,
end_buffer_async_write(), which handles the completion of block device
writes, may detect abnormal condition of the buffer async_write flag and
cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use
end_buffer_async_write(). But, the async_write flag is now used as a marker
by commit 7f42ec394156 (“nilfs2: fix issue with race condition of
competition between segments for dirty blocks”) as a means of resolving
double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers()
and nilfs_lookup_node_buffers() and the resulting crash. This modification
is safe as long as it is used for file data and b-tree node blocks where
the page caches are independent. However, it was irrelevant and redundant
to also introduce async_write for segment summary and super root blocks
that share buffers with the backing device. This led to the possibility
that the BUG_ON check in end_buffer_async_write would fail as described
above, if independent writebacks of the backing device occurred in
parallel. The use of async_write for segment summary buffers has already
been removed in a previous change. Fix this issue by removing the
manipulation of the async_write flag for the remaining super root block
buffer.