syzbot

loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x22fc/0x4c90
CPU: 0 UID: 0 PID: 7666 Comm: syz.0.1098 Not tainted 6.14.0-rc6-syzkaller-00115-ge3a854b577cb #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 panic+0x349/0x880 kernel/panic.c:354
 __stack_chk_fail+0x15/0x20 kernel/panic.c:836
 __schedule+0x22fc/0x4c90
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7087
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:get_current arch/x86/include/asm/current.h:49 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:245 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x90 kernel/kcov.c:314
Code: 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 <65> 48 8b 14 25 80 d6 03 00 65 8b 05 20 f3 41 7e 25 00 01 ff 00 74
RSP: 0018:ffffc9000d2b72c0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffff88801fb68000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81d14e84 R09: 1ffffffff28a9908
R10: dffffc0000000000 R11: fffffbfff28a9909 R12: ffff88801fb68000
R13: dffffc0000000000 R14: 0000000000000000 R15: 00007f70a3f8d169
 rcu_read_unlock include/linux/rcupdate.h:878 [inline]
 is_bpf_text_address+0x1f4/0x2a0 kernel/bpf/core.c:774
 kernel_text_address+0xa7/0xe0 kernel/extable.c:125
 __kernel_text_address+0xd/0x40 kernel/extable.c:79
 unwind_get_return_address+0x4d/0x90 arch/x86/kernel/unwind_orc.c:369
 arch_stack_walk+0xfd/0x150 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kmem_cache_free+0x195/0x410 mm/slub.c:4711
 vma_lock_free kernel/fork.c:458 [inline]
 __vm_area_free+0xe3/0x110 kernel/fork.c:514
 exit_mmap+0x6b9/0xd40 mm/mmap.c:1308
 __mmput+0x115/0x420 kernel/fork.c:1356
 exit_mm+0x220/0x310 kernel/exit.c:570
 do_exit+0x9ad/0x28e0 kernel/exit.c:925
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x168c/0x1720 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f70a3f8d169
Code: Unable to access opcode bytes at 0x7f70a3f8d13f.
RSP: 002b:00007f70a4ecd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f70a41a5fa8 RCX: 00007f70a3f8d169
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f70a41a5fac
RBP: 00007f70a41a5fa0 R08: 7fffffffffffffff R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f70a41a5fac
R13: 0000000000000000 R14: 00007ffc0ac27960 R15: 00007ffc0ac27a48
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
   0:	44 0a 20             	or     (%rax),%r12b
   3:	c3                   	ret
   4:	cc                   	int3
   5:	cc                   	int3
   6:	cc                   	int3
   7:	cc                   	int3
   8:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   f:	00 00 00
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	f3 0f 1e fa          	endbr64
  26:	4c 8b 04 24          	mov    (%rsp),%r8
* 2a:	65 48 8b 14 25 80 d6 	mov    %gs:0x3d680,%rdx <-- trapping instruction
  31:	03 00
  33:	65 8b 05 20 f3 41 7e 	mov    %gs:0x7e41f320(%rip),%eax        # 0x7e41f35a
  3a:	25 00 01 ff 00       	and    $0xff0100,%eax
  3f:	74                   	.byte 0x74