==================================================================
BUG: KASAN: slab-out-of-bounds in ext4_xattr_set_entry+0x13e2/0x1ed6 fs/ext4/xattr.c:1750
Write of size 4096 at addr ffffffe00ccd7600 by task syz-executor.1/4737

CPU: 1 PID: 4737 Comm: syz-executor.1 Not tainted 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:112

Allocated by task 2697:
(stack is not available)

Freed by task 2697:
(stack is not available)

The buggy address belongs to the object at ffffffe00ccd7500
 which belongs to the cache skbuff_head_cache of size 232
The buggy address is located 24 bytes to the right of
 232-byte region [ffffffe00ccd7500, ffffffe00ccd75e8)
The buggy address belongs to the page:
page:ffffffcf0233b5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8ced7
flags: 0xffe000000000200(slab|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000200 ffffffcf0229ae40 0000000300000002 ffffffe0057b6500
raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 13, ts 318744794300, free_ts 247743236000
page_owner allocation stack trace missing
page_owner free stack trace missing

Memory state around the buggy address:
 ffffffe00ccd7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe00ccd7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
>ffffffe00ccd7600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
                   ^
 ffffffe00ccd7680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe00ccd7700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
==================================================================