From: Edward Adam Davis
To: syzbot+ecf51a7ccb6b1394e90c@syzkaller.appspotmail.com
Cc: jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org, shaggy@kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] jfs: Read returns only when the bio is done
Date: Sat, 18 Apr 2026 17:05:16 +0800

Fixed the sequencing of setting the DONE flag and waking up the ioevent.

The ioevent wakeup must occur after the DONE flag has been set, and while under the protection of the jfsLCacheLock. This ensures that when the thread associated with wait_event() resumes execution (e.g., in lbmRead/Write/IOWait, etc.), it will strictly avoid accessing any content related to the bio. Simultaneously, this guarantees the stable and proper shutdown of subsequent log I/O operations.

Fixes: b15e4310633f ("jfs: Set the lbmDone flag at the end of lbmIODone")
Reported-by: syzbot+ecf51a7ccb6b1394e90c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=ecf51a7ccb6b1394e90c
Tested-by: syzbot+ecf51a7ccb6b1394e90c@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
---
 fs/jfs/jfs_logmgr.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c index 306165e61438..f795f19d24bb 100644 --- a/fs/jfs/jfs_logmgr.c +++ b/fs/jfs/jfs_logmgr.c @@ -1984,7 +1984,7 @@ static int lbmRead(struct jfs_log * log, int pn, stru= ct lbuf ** bpp) submit_bio(bio); } =20 - wait_event(bp->l_ioevent, (bp->l_flag !=3D lbmREAD)); + wait_event(bp->l_ioevent, (bp->l_flag & lbmDONE)); =20 return 0; } 
@@ -2192,9 +2192,6 @@ static void lbmIODone(struct bio *bio) if (bp->l_flag & lbmREAD) { bp->l_flag &=3D ~lbmREAD; =20 - /* wakeup I/O initiator */ - LCACHE_WAKEUP(&bp->l_ioevent); - goto out; } =20 @@ -2217,10 +2214,8 @@ static void lbmIODone(struct bio *bio) log =3D bp->l_log; log->clsn =3D (bp->l_pn << L2LOGPSIZE) + bp->l_ceor; =20 - if (bp->l_flag & lbmDIRECT) { - LCACHE_WAKEUP(&bp->l_ioevent); + if (bp->l_flag & lbmDIRECT) goto out; - } =20 tail =3D log->wqueue; =20 @@ -2271,8 +2266,7 @@ static void lbmIODone(struct bio *bio) * leave buffer for i/o initiator to dispose */ if (bp->l_flag & lbmSYNC) { - /* wakeup I/O initiator */ - LCACHE_WAKEUP(&bp->l_ioevent); + goto out; } =20 /* @@ -2298,6 +2292,8 @@ static void lbmIODone(struct bio *bio) =20 out: bp->l_flag |=3D lbmDONE; + /* wakeup I/O initiator */ + LCACHE_WAKEUP(&bp->l_ioevent); LCACHE_UNLOCK(flags); } =20 --=20 2.43.0
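Review bot: In the lbmRead() hunk, the new wait condition `(bp->l_flag & lbmDONE)` is only safe if lbmDONE is guaranteed to be clear when the buffer is handed to submit_bio(), and none of the visible lines show l_flag being reset. Please confirm that (or state it in the changelog), because a stale lbmDONE bit would let wait_event() return before lbmIODone() has run. The changelog also names lbmRead/Write/IOWait, yet this is the only wait_event() condition the patch touches; say whether the other waiters already test lbmDONE.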
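Review bot: In the lbmSYNC hunk of lbmIODone(), the branch is left as `if (bp->l_flag & lbmSYNC) { goto out; }`, with braces around a single statement, while the lbmDIRECT hunk just before it drops the braces for the same shape. Make the two consistent by dropping the braces here as well, so the three early exits (lbmREAD, lbmDIRECT, lbmSYNC) read the same way.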
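Review bot: At the `out:` label in the last hunk, LCACHE_WAKEUP(&bp->l_ioevent) now runs for every completion that reaches the label, not only for the lbmREAD, lbmDIRECT and lbmSYNC branches that issued the wakeup before this patch. The changelog should say that waking l_ioevent on the remaining paths is intended, and confirm that bp is still valid on those paths, since both `bp->l_flag |= lbmDONE` and the new wakeup dereference it after they have run.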