==================================================================
BUG: KASAN: slab-out-of-bounds in cleancache_fs_enabled_mapping include/linux/cleancache.h:54 [inline]
BUG: KASAN: slab-out-of-bounds in cleancache_invalidate_page include/linux/cleancache.h:108 [inline]
BUG: KASAN: slab-out-of-bounds in unaccount_page_cache_page+0x6e6/0x750 mm/filemap.c:169
Read of size 4 at addr ffff8881ec35a488 by task syz-executor.5/6714

CPU: 0 PID: 6714 Comm: syz-executor.5 Not tainted 5.4.242-syzkaller-00065-g10e0626a3202 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 cleancache_fs_enabled_mapping include/linux/cleancache.h:54 [inline]
 cleancache_invalidate_page include/linux/cleancache.h:108 [inline]
 unaccount_page_cache_page+0x6e6/0x750 mm/filemap.c:169
 __delete_from_page_cache+0xd0/0x600 mm/filemap.c:237
 __remove_mapping+0x4a2/0x590 mm/vmscan.c:978
 shrink_page_list+0x22f9/0x42c0 mm/vmscan.c:1482
 shrink_inactive_list+0x533/0xfe0 mm/vmscan.c:2001
 shrink_list mm/vmscan.c:2293 [inline]
 shrink_node_memcg+0xc42/0x2430 mm/vmscan.c:2623
 shrink_node+0x389/0x14a0 mm/vmscan.c:2836
 shrink_zones mm/vmscan.c:3053 [inline]
 do_try_to_free_pages+0x63f/0x12b0 mm/vmscan.c:3111
 try_to_free_mem_cgroup_pages+0x3f6/0x9b0 mm/vmscan.c:3412
 memory_high_write+0x176/0x260 mm/memcontrol.c:6177
 cgroup_file_write+0x275/0x5f0 kernel/cgroup/cgroup.c:3898
 kernfs_fop_write+0x2e2/0x3e0 fs/kernfs/file.c:315
 __vfs_write+0x103/0x750 fs/read_write.c:494
 vfs_write+0x206/0x4e0 fs/read_write.c:558
 ksys_write+0x199/0x2c0 fs/read_write.c:611
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Allocated by task 5899:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 kmalloc include/linux/slab.h:556 [inline]
 audit_log_d_path+0xb2/0x2f0 kernel/audit.c:2078
 dump_common_audit_data security/lsm_audit.c:248 [inline]
 common_lsm_audit+0x33d/0x17e0 security/lsm_audit.c:461
 slow_avc_audit+0x26c/0x3c0 security/selinux/avc.c:790
 avc_audit security/selinux/include/avc.h:140 [inline]
 avc_has_perm+0x1f5/0x260 security/selinux/avc.c:1193
 selinux_bprm_set_creds+0x5f1/0x1210 security/selinux/hooks.c:2401
 security_bprm_set_creds+0x5d/0x90 security/security.c:777
 prepare_binprm+0x552/0x780 fs/exec.c:1620
 __do_execve_file+0x8b9/0x10d0 fs/exec.c:1843
 do_execveat_common fs/exec.c:1920 [inline]
 do_execveat fs/exec.c:1948 [inline]
 __do_sys_execveat fs/exec.c:2024 [inline]
 __se_sys_execveat fs/exec.c:2016 [inline]
 __x64_sys_execveat+0xcf/0xe0 fs/exec.c:2016
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Freed by task 5899:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kfree+0x123/0x370 mm/slub.c:4071
 dump_common_audit_data security/lsm_audit.c:248 [inline]
 common_lsm_audit+0x33d/0x17e0 security/lsm_audit.c:461
 slow_avc_audit+0x26c/0x3c0 security/selinux/avc.c:790
 avc_audit security/selinux/include/avc.h:140 [inline]
 avc_has_perm+0x1f5/0x260 security/selinux/avc.c:1193
 selinux_bprm_set_creds+0x5f1/0x1210 security/selinux/hooks.c:2401
 security_bprm_set_creds+0x5d/0x90 security/security.c:777
 prepare_binprm+0x552/0x780 fs/exec.c:1620
 __do_execve_file+0x8b9/0x10d0 fs/exec.c:1843
 do_execveat_common fs/exec.c:1920 [inline]
 do_execveat fs/exec.c:1948 [inline]
 __do_sys_execveat fs/exec.c:2024 [inline]
 __se_sys_execveat fs/exec.c:2016 [inline]
 __x64_sys_execveat+0xcf/0xe0 fs/exec.c:2016
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

The buggy address belongs to the object at ffff8881ec358000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1160 bytes to the right of
 8192-byte region [ffff8881ec358000, ffff8881ec35a000)
The buggy address belongs to the page:
page:ffffea0007b0d600 refcount:1 mapcount:0 mapping:ffff8881f5c0c500 index:0xffff8881ec358000 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 ffffea0006b37608 ffffea00067e9008 ffff8881f5c0c500
raw: ffff8881ec358000 0000000000020000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4891
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 kmem_cache_alloc_trace+0x12d/0x260 mm/slub.c:2854
 kmalloc include/linux/slab.h:556 [inline]
 kzalloc include/linux/slab.h:690 [inline]
 cryptomgr_schedule_probe crypto/algboss.c:102 [inline]
 cryptomgr_notify+0x18a/0xf30 crypto/algboss.c:267
 notifier_call_chain kernel/notifier.c:98 [inline]
 __blocking_notifier_call_chain kernel/notifier.c:322 [inline]
 blocking_notifier_call_chain+0xd5/0x160 kernel/notifier.c:333
 crypto_probing_notify crypto/api.c:251 [inline]
 crypto_alg_mod_lookup+0x4e6/0x710 crypto/api.c:281
 crypto_has_alg+0x22/0x110 crypto/api.c:587
 crypto_has_comp include/linux/crypto.h:1824 [inline]
 xfrm_probe_algs+0x2f0/0x340 net/xfrm/xfrm_algo.c:795
 pfkey_register+0x115/0x830 net/key/af_key.c:1705
 pfkey_process net/key/af_key.c:2848 [inline]
 pfkey_sendmsg+0xbc2/0x1040 net/key/af_key.c:3699
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x5ac/0x8f0 net/socket.c:2287
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4953 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4959
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 schedule_idle+0x50/0x80 kernel/sched/core.c:4403
 do_idle+0x609/0x660 kernel/sched/idle.c:288
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a0/0x460 arch/x86/kernel/smpboot.c:265
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

Memory state around the buggy address:
 ffff8881ec35a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881ec35a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8881ec35a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff8881ec35a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881ec35a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================