Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x22fc/0x4c90 CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 panic+0x349/0x880 kernel/panic.c:354 __stack_chk_fail+0x15/0x20 kernel/panic.c:836 __schedule+0x22fc/0x4c90 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7087 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5855 Code: 2b 00 74 08 4c 89 f7 e8 ba 4b 8c 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 RSP: 0018:ffffc9000d426540 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 1ffff92001a84cb4 RCX: ffff888000a5d368 RDX: dffffc0000000000 RSI: ffffffff8c2ab6a0 RDI: ffffffff8c80ed80 RBP: ffffc9000d426688 R08: ffffffff96de5877 R09: 1ffffffff2dbcb0e R10: dffffc0000000000 R11: fffffbfff2dbcb0f R12: 1ffff92001a84cb0 R13: dffffc0000000000 R14: ffffc9000d4265a0 R15: 0000000000000246 down_write+0x99/0x220 kernel/locking/rwsem.c:1577 ntfs_set_size+0x13d/0x200 fs/ntfs3/inode.c:855 ntfs_extend+0x1d1/0xad0 fs/ntfs3/file.c:409 ntfs_file_write_iter+0x3e8/0x7e0 fs/ntfs3/file.c:1262 iter_file_splice_write+0xbfa/0x1510 fs/splice.c:743 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0x11b/0x220 fs/splice.c:1164 splice_direct_to_actor+0x586/0xc80 fs/splice.c:1108 do_splice_direct_actor fs/splice.c:1207 [inline] do_splice_direct+0x289/0x3e0 fs/splice.c:1233 ovl_copy_up_file+0x5ed/0x7e0 fs/overlayfs/copy_up.c:349 ovl_copy_up_data+0x216/0x290 fs/overlayfs/copy_up.c:654 ovl_copy_up_workdir fs/overlayfs/copy_up.c:796 [inline] ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline] ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline] ovl_copy_up_flags+0x1e86/0x47c0 fs/overlayfs/copy_up.c:1257 ovl_open+0x139/0x310 fs/overlayfs/file.c:211 do_dentry_open+0xdec/0x1960 fs/open.c:956 vfs_open+0x3b/0x370 fs/open.c:1086 do_open fs/namei.c:3830 [inline] path_openat+0x2c81/0x3590 fs/namei.c:3989 do_filp_open+0x27f/0x4e0 fs/namei.c:4016 do_sys_openat2+0x13e/0x1d0 fs/open.c:1428 do_sys_open fs/open.c:1443 [inline] __do_sys_openat fs/open.c:1459 [inline] __se_sys_openat fs/open.c:1454 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1454 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f71a018cde9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f71a0f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f71a03a6160 RCX: 00007f71a018cde9 RDX: 0000000000000042 RSI: 0000400000000040 RDI: ffffffffffffff9c RBP: 00007f71a020e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f71a03a6160 R15: 00007ffcedfdcf68 Kernel Offset: disabled Rebooting in 86400 seconds.. ---------------- Code disassembly (best guess): 0: 2b 00 sub (%rax),%eax 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 ba 4b 8c 00 call 0x8c4bc6 c: f6 44 24 61 02 testb $0x2,0x61(%rsp) 11: 0f 85 85 01 00 00 jne 0x19c 17: 41 f7 c7 00 02 00 00 test $0x200,%r15d 1e: 74 01 je 0x21 20: fb sti 21: 48 c7 44 24 40 0e 36 movq $0x45e0360e,0x40(%rsp) 28: e0 45 * 2a: 4b c7 44 25 00 00 00 movq $0x0,0x0(%r13,%r12,1) <-- trapping instruction 31: 00 00 33: 43 c7 44 25 09 00 00 movl $0x0,0x9(%r13,%r12,1) 3a: 00 00 3c: 43 rex.XB 3d: c7 .byte 0xc7 3e: 44 rex.R 3f: 25 .byte 0x25