{"id":"CVE-2025-68337","summary":"jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted","details":"In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted\n\nThere's issue when file system corrupted:\n------------[ cut here ]------------\nkernel BUG at fs/jbd2/transaction.c:1289!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next\nRIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0\nRSP: 0018:ffff888117aafa30 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534\nRDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010\nRBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028\nR10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __ext4_journal_get_create_access+0x42/0x170\n ext4_getblk+0x319/0x6f0\n ext4_bread+0x11/0x100\n ext4_append+0x1e6/0x4a0\n ext4_init_new_dir+0x145/0x1d0\n ext4_mkdir+0x326/0x920\n vfs_mkdir+0x45c/0x740\n do_mkdirat+0x234/0x2f0\n __x64_sys_mkdir+0xd6/0x120\n do_syscall_64+0x5f/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe above issue occurs with us in errors=continue mode when accompanied by\nstorage failures. There have been many inconsistencies in the file system\ndata.\nIn the case of file system data inconsistency, for example, if the block\nbitmap of a referenced block is not set, it can lead to the situation where\na block being committed is allocated and used again. As a result, the\nfollowing condition will not be satisfied then trigger BUG_ON. Of course,\nit is entirely possible to construct a problematic image that can trigger\nthis BUG_ON through specific operations. In fact, I have constructed such\nan image and easily reproduced this issue.\nTherefore, J_ASSERT() holds true only under ideal conditions, but it may\nnot necessarily be satisfied in exceptional scenarios. Using J_ASSERT()\ndirectly in abnormal situations would cause the system to crash, which is\nclearly not what we want. So here we directly trigger a JBD abort instead\nof immediately invoking BUG_ON.","modified":"2026-04-02T13:03:34.553920Z","published":"2025-12-22T16:14:14.145Z","related":["SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0473-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:10039-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68337.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3faac6531d4818cd6be45e5bbf32937bbbc795c0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/71bbe06c40fc59b5b15661eca8ff307f4176d7f9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/986835bf4d11032bba4ab8414d18fce038c61bb4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2a7f854d154a3e9232fec80782dad951655f52f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa1703f3f706ea0867fb1991dcac709c9ec94cfb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b4f8eabf6d991bd41fabcdf9302c4b3eab590cf4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bf34c72337e40c4670cceeb79b353356933a254b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed62fd8c15d41c4127ad16b8219b63124f5962bc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68337.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68337"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"470decc613ab2048b619a01028072d932d9086ee"},{"fixed":"71bbe06c40fc59b5b15661eca8ff307f4176d7f9"},{"fixed":"ed62fd8c15d41c4127ad16b8219b63124f5962bc"},{"fixed":"3faac6531d4818cd6be45e5bbf32937bbbc795c0"},{"fixed":"b4f8eabf6d991bd41fabcdf9302c4b3eab590cf4"},{"fixed":"a2a7f854d154a3e9232fec80782dad951655f52f"},{"fixed":"bf34c72337e40c4670cceeb79b353356933a254b"},{"fixed":"aa1703f3f706ea0867fb1991dcac709c9ec94cfb"},{"fixed":"986835bf4d11032bba4ab8414d18fce038c61bb4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68337.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.19"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.62"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68337.json"}}],"schema_version":"1.7.5"}