Bug detected by Syzbot:
BUG: sleeping function called from invalid context in jfs_fsync

Fix jfs_fsync() to avoid sleeping in softirq/atomic, preventing crash.
Skip execution in softirq/atomic and return -EWOULDBLOCK to prevent issues.
Correct generic_file_fsync() call to pass the required arguments properly.

Reported-by: syzbot+219127d0a3bce650e1b6@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=219127d0a3bce650e1b6
Tested-by: syzbot+219127d0a3bce650e1b6@syzkaller.appspotmail.com
Fixes: 5955102c9984 ("wrappers for ->i_mutex access")
Signed-off-by: Purva Yeshi <purvayeshi550@gmail.com>
---
 fs/jfs/file.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 93a3e7a45b0f..fc93376eb1e6 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -19,25 +19,17 @@
 int jfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
 {
 	struct inode *inode = file->f_mapping->host;
-	int rc = 0;
 
-	rc = file_write_and_wait_range(file, start, end);
-	if (rc)
-		return rc;
-
-	inode_lock(inode);
-	if (!(inode->i_state & I_DIRTY_ALL) ||
-		(datasync && !(inode->i_state & I_DIRTY_DATASYNC))) {
-		/* Make sure committed changes hit the disk */
-		jfs_flush_journal(JFS_SBI(inode->i_sb)->log, 1);
-		inode_unlock(inode);
-		return rc;
+	if (in_softirq() || in_atomic()) {
+		pr_warn("jfs_fsync() called in softirq/atomic context, skipping execution.\n");
+		return -EWOULDBLOCK;
 	}
 
-	rc |= jfs_commit_inode(inode, 1);
+	inode_lock(inode);
+	generic_file_fsync(file, start, end, datasync);
 	inode_unlock(inode);
 
-	return rc ? -EIO : 0;
+	return 0;
 }
 
 static int jfs_open(struct inode *inode, struct file *file)
-- 
2.34.1

On Sat, Mar 22, 2025 at 07:51:34PM +0530, Purva Yeshi wrote:
> Bug detected by Syzbot:
> BUG: sleeping function called from invalid context in jfs_fsync
> 
> Fix jfs_fsync() to avoid sleeping in softirq/atomic, preventing crash.
> Skip execution in softirq/atomic and return -EWOULDBLOCK to prevent issues.
> Correct generic_file_fsync() call to pass the required arguments properly.

_ANY_ ->fsync() instance may sleep; adding that bandaid in jfs one does
not fix anything - the realy bug is whatever leads to having that
*called* in such conditions (e.g. having an unbalanced spin_lock()
somewhere, etc.)

NAK.

On 22/03/25 20:05, Al Viro wrote:
> On Sat, Mar 22, 2025 at 07:51:34PM +0530, Purva Yeshi wrote:
>> Bug detected by Syzbot:
>> BUG: sleeping function called from invalid context in jfs_fsync
>>
>> Fix jfs_fsync() to avoid sleeping in softirq/atomic, preventing crash.
>> Skip execution in softirq/atomic and return -EWOULDBLOCK to prevent issues.
>> Correct generic_file_fsync() call to pass the required arguments properly.
> 
> _ANY_ ->fsync() instance may sleep; adding that bandaid in jfs one does
> not fix anything - the realy bug is whatever leads to having that
> *called* in such conditions (e.g. having an unbalanced spin_lock()
> somewhere, etc.)
> 
> NAK.

Thanks for the review. Based on your feedback, I have analyzed the call 
path leading to fsync() being invoked in an invalid context. The issue 
arises because generic_write_sync() is being called inside 
dio_complete(), which can be triggered from dio_bio_end_aio().

dio_bio_end_aio() executes as a bio completion handler, which may run in 
a SoftIRQ context. If dio_complete() is called directly (without 
deferring), generic_write_sync() gets executed within SoftIRQ, which is 
problematic since fsync() (invoked later) may sleep.