EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.4849: invalid indirect mapped block 3 (level 2)
loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
EXT4-fs (loop2): 1 orphan inode deleted
EXT4-fs (loop2): 1 truncate cleaned up
==================================================================
BUG: KCSAN: data-race in rwsem_down_write_slowpath / rwsem_down_write_slowpath

write to 0xffffc90000e7b7f0 of 1 bytes by task 20048 on cpu 1:
 rwsem_try_write_lock kernel/locking/rwsem.c:653 [inline]
 rwsem_down_write_slowpath+0x3eb/0xa80 kernel/locking/rwsem.c:1159
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0xab/0xc0 kernel/locking/rwsem.c:1591
 kernfs_activate+0x50/0x220 fs/kernfs/dir.c:1430
 kernfs_add_one+0x212/0x280 fs/kernfs/dir.c:839
 __kernfs_create_file+0x145/0x180 fs/kernfs/file.c:1086
 sysfs_add_file_mode_ns+0x132/0x1b0 fs/sysfs/file.c:313
 create_files fs/sysfs/group.c:82 [inline]
 internal_create_group+0x441/0x9e0 fs/sysfs/group.c:189
 internal_create_groups fs/sysfs/group.c:229 [inline]
 sysfs_create_groups+0x3f/0xf0 fs/sysfs/group.c:255
 setup_gid_attrs drivers/infiniband/core/sysfs.c:1162 [inline]
 ib_setup_port_attrs+0xed2/0x14c0 drivers/infiniband/core/sysfs.c:1439
 add_one_compat_dev+0x297/0x390 drivers/infiniband/core/device.c:1005
 add_compat_devs drivers/infiniband/core/device.c:1063 [inline]
 enable_device_and_get+0x1cd/0x260 drivers/infiniband/core/device.c:1374
 ib_register_device+0xb41/0xcc0 drivers/infiniband/core/device.c:1487
 rxe_register_device+0x175/0x190 drivers/infiniband/sw/rxe/rxe_verbs.c:1556
 rxe_add+0x8c7/0x8e0 drivers/infiniband/sw/rxe/rxe.c:212
 rxe_net_add+0x62/0xb0 drivers/infiniband/sw/rxe/rxe_net.c:618
 rxe_newlink+0xc6/0x180 drivers/infiniband/sw/rxe/rxe.c:234
 nldev_newlink+0x3a8/0x430 drivers/infiniband/core/nldev.c:1797
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x477/0x5b0 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x5c8/0x6f0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0x5af/0x600 net/socket.c:2592
 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
 x64_sys_call+0x194c/0x3020 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffc90000e7b7f0 of 1 bytes by task 20057 on cpu 0:
 rwsem_down_write_slowpath+0x45e/0xa80 kernel/locking/rwsem.c:1177
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0xab/0xc0 kernel/locking/rwsem.c:1591
 kernfs_activate+0x50/0x220 fs/kernfs/dir.c:1430
 kernfs_add_one+0x212/0x280 fs/kernfs/dir.c:839
 __kernfs_create_file+0x145/0x180 fs/kernfs/file.c:1086
 sysfs_add_file_mode_ns+0x132/0x1b0 fs/sysfs/file.c:313
 create_files fs/sysfs/group.c:82 [inline]
 internal_create_group+0x441/0x9e0 fs/sysfs/group.c:189
 internal_create_groups fs/sysfs/group.c:229 [inline]
 sysfs_create_groups+0x3f/0xf0 fs/sysfs/group.c:255
 create_dir lib/kobject.c:78 [inline]
 kobject_add_internal+0x4a7/0x780 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_init_and_add+0x14a/0x1f0 lib/kobject.c:457
 ext4_register_sysfs+0x97/0x250 fs/ext4/sysfs.c:577
 __ext4_fill_super fs/ext4/super.c:5704 [inline]
 ext4_fill_super+0x372e/0x3800 fs/ext4/super.c:5789
 get_tree_bdev_flags+0x291/0x300 fs/super.c:1694
 get_tree_bdev+0x1f/0x30 fs/super.c:1717
 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5821
 vfs_get_tree+0x57/0x1d0 fs/super.c:1754
 fc_mount fs/namespace.c:1193 [inline]
 do_new_mount_fc fs/namespace.c:3760 [inline]
 do_new_mount+0x288/0x8d0 fs/namespace.c:3836
 path_mount+0x4d0/0xbc0 fs/namespace.c:4146
 do_mount fs/namespace.c:4159 [inline]
 __do_sys_mount fs/namespace.c:4348 [inline]
 __se_sys_mount+0x28c/0x2e0 fs/namespace.c:4325
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4325
 x64_sys_call+0x2d61/0x3020 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 20057 Comm: syz.2.4849 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
==================================================================