diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index a080f80256cb36ae3c17f42eec4a5b6e5a71a442..aa2d281ff712f5cb840479c4577d0512f1d8f0df 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -6866,6 +6866,8 @@ int smb2_write(struct ksmbd_work *work)
 	}
 
 	offset = le64_to_cpu(req->Offset);
+	if (offset < 0)
+		return -EINVAL;
 	length = le32_to_cpu(req->Length);
 
 	if (req->Channel == SMB2_CHANNEL_RDMA_V1 ||