In the Linux kernel, the following vulnerability has been resolved:
jfs: reject on-disk inodes of an unsupported type
Syzbot has reported the following BUG:
kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clearinode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f RSP: 0018:ffffc900027dfae8 EFLAGS: 00010093 RAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38 R10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000 R13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80 FS: 0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0 Call Trace: <TASK> ? _diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ? clearinode+0x168/0x190 ? doerrortrap+0x1dc/0x2c0 ? clearinode+0x168/0x190 ? _pfxdoerrortrap+0x10/0x10 ? reportbug+0x3cd/0x500 ? handleinvalidop+0x34/0x40 ? clearinode+0x168/0x190 ? excinvalidop+0x38/0x50 ? asmexcinvalidop+0x1a/0x20 ? clearinode+0x57/0x190 ? clearinode+0x167/0x190 ? clearinode+0x168/0x190 ? clearinode+0x167/0x190 jfsevictinode+0xb5/0x440 ? _pfxjfsevictinode+0x10/0x10 evict+0x4ea/0x9b0 ? _pfxevict+0x10/0x10 ? iput+0x713/0xa50 txUpdateMap+0x931/0xb10 ? _pfxtxUpdateMap+0x10/0x10 jfslazycommit+0x49a/0xb80 ? rawspinunlockirqrestore+0x8f/0x140 ? lockdephardirqson+0x99/0x150 ? _pfxjfslazycommit+0x10/0x10 ? _pfxdefaultwakefunction+0x10/0x10 ? _kthreadparkme+0x169/0x1d0 ? _pfxjfslazycommit+0x10/0x10 kthread+0x2f2/0x390 ? _pfxjfslazycommit+0x10/0x10 ? _pfxkthread+0x10/0x10 retfromfork+0x4d/0x80 ? _pfxkthread+0x10/0x10 retfromforkasm+0x1a/0x30 </TASK>
This happens when 'clearinode()' makes an attempt to finalize an underlying JFS inode of unknown type. According to JFS layout description from https://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to 15 are reserved for future extensions and should not be encountered on a valid filesystem. So add an extra check for valid inode type in 'copyfrom_dinode()'.
[
{
"digest": {
"function_hash": "117095639054844287545725410683997675899",
"length": 2476.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8987891c4653874d5e3f5d11f063912f4e0b58eb",
"signature_version": "v1",
"id": "CVE-2025-37925-09e0c516"
},
{
"digest": {
"function_hash": "21628401174261532788019595897884995143",
"length": 2584.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@afc08b0b5587b553799bc375957706936a3e0088",
"signature_version": "v1",
"id": "CVE-2025-37925-1c447ca5"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@afc08b0b5587b553799bc375957706936a3e0088",
"signature_version": "v1",
"id": "CVE-2025-37925-1f3875d7"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28419a4f3a1eeee33472a1b3856ae62aaa5a649b",
"signature_version": "v1",
"id": "CVE-2025-37925-23ec9fdb"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45fd8421081ec79e661e5f3ead2934fdbddb4287",
"signature_version": "v1",
"id": "CVE-2025-37925-34834559"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6ce4a9cc9fcc8150b80db6f65186c0ed2b3143",
"signature_version": "v1",
"id": "CVE-2025-37925-41c1cfd5"
},
{
"digest": {
"function_hash": "117095639054844287545725410683997675899",
"length": 2476.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9",
"signature_version": "v1",
"id": "CVE-2025-37925-68eb6ffd"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9",
"signature_version": "v1",
"id": "CVE-2025-37925-8bade0bb"
},
{
"digest": {
"function_hash": "21628401174261532788019595897884995143",
"length": 2584.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa6ce4a9cc9fcc8150b80db6f65186c0ed2b3143",
"signature_version": "v1",
"id": "CVE-2025-37925-8e4cf457"
},
{
"digest": {
"function_hash": "273584596281272771102276824146006292737",
"length": 2548.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45fd8421081ec79e661e5f3ead2934fdbddb4287",
"signature_version": "v1",
"id": "CVE-2025-37925-98158761"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"43431151794643759528849640040315990548",
"273550963559641632441488240980183892486",
"71553567370975346006870336563954048789",
"76689378769793627361186187989713227235",
"62238118318054584376830745314288132543",
"53441463992199879683365986703836952609",
"301164295072342203773202227069976238722",
"45358267208608531621135663430252502981"
]
},
"signature_type": "Line",
"target": {
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8987891c4653874d5e3f5d11f063912f4e0b58eb",
"signature_version": "v1",
"id": "CVE-2025-37925-9a2aa70b"
},
{
"digest": {
"function_hash": "117095639054844287545725410683997675899",
"length": 2476.0
},
"signature_type": "Function",
"target": {
"function": "copy_from_dinode",
"file": "fs/jfs/jfs_imap.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28419a4f3a1eeee33472a1b3856ae62aaa5a649b",
"signature_version": "v1",
"id": "CVE-2025-37925-b9a67eb4"
}
]